Re: GPG Signature Verification

2017-04-27 Thread Paul Taukatch 

This was exactly the issue! I was originally using the bouncy castle
ASN1Encodable library to generate the encoded hash value which for some
reason does not seem to produce the value defined/expected by the PGP.
Instead I now just use ASN1 full hash prefixes defined in the RFC directly
and the issue was resolved.

Very much appreciated Peter!

Thanks,
Paul Taukatch
Advanced Technologies Team / zOS Cloud Crypto




From:   Peter Lebbing <pe...@digitalbrains.com>
To: Paul Taukatch/Poughkeepsie/IBM@IBMUS, gnupg-users@gnupg.org
Date:   04/26/2017 06:24 AM
Subject:    Re: GPG Signature Verification



On 24/04/17 19:23, Peter Lebbing wrote:
> The part of "cmp" that would correspond to the constant part of the DER
> encoding I do not recognise.

It is still proper ASN.1, but it encodes a slightly different structure.

I wondered whether it was DER encoded or BER encoded, because I read
that BER was valid for old PKCS#1 v1.5 structures. DER is a subset of
BER. If the Python ASN.1 module pyasn1 rejects malformed DER encoding
then it is proper DER; or would pyasn1 be liberal in what it accepts?

Anyway, the two ASN.1 encoded objects are slightly different:

$ python
[...]
>>> import pyasn1.codec.der.decoder
>>> sha256der = b'\x30\x31\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02
\x01\x05\x00\x04\x20' + chr(0)*32
>>> unknown_enc=b'\x30\x2f\x30\x0b\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02
\x01\x04\x20'+chr(0)*32
>>> pyasn1.codec.der.decoder.decode(sha256der)
(Sequence().setComponentByPosition(0, Sequence().setComponentByPosition(0,
ObjectIdentifier(2.16.840.1.101.3.4.2.1)).setComponentByPosition(1, Null
(''))).setComponentByPosition(1, OctetString
(hexValue='')),
 '')
>>> pyasn1.codec.der.decoder.decode(unknown_enc)
(Sequence().setComponentByPosition(0, Sequence().setComponentByPosition(0,
ObjectIdentifier(2.16.840.1.101.3.4.2.1))).setComponentByPosition(1,
OctetString
(hexValue='')),
 '')

There's an extra setComponentByPosition(1, Null('')) in the properly
encoded ASN.1. It would appear that the library you're using *is*
trying to generate a PKCS#1 v1.5 message, but that it ends up with a
slightly different DER encoding than what is defined for OpenPGP. You
will have to find a way to generate a EMSA-PKCS1-v1_5 structure that is
compatible to RFC 4880 (and RFC 3447 PKCS #1 Version 2.1).

I don't know much about ASN.1, so I can't really say anything useful
about the results of the experiment above.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

[attachment "signature.asc" deleted by Paul Taukatch/Poughkeepsie/IBM]
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GPG Signature Verification

2017-04-26 Thread Peter Lebbing 
On 24/04/17 19:23, Peter Lebbing wrote:
> The part of "cmp" that would correspond to the constant part of the DER
> encoding I do not recognise.

It is still proper ASN.1, but it encodes a slightly different structure.

I wondered whether it was DER encoded or BER encoded, because I read 
that BER was valid for old PKCS#1 v1.5 structures. DER is a subset of 
BER. If the Python ASN.1 module pyasn1 rejects malformed DER encoding 
then it is proper DER; or would pyasn1 be liberal in what it accepts?

Anyway, the two ASN.1 encoded objects are slightly different:

$ python
[...]
>>> import pyasn1.codec.der.decoder
>>> sha256der = 
>>> b'\x30\x31\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01\x05\x00\x04\x20'
>>>  + chr(0)*32
>>> unknown_enc=b'\x30\x2f\x30\x0b\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01\x04\x20'+chr(0)*32
>>> pyasn1.codec.der.decoder.decode(sha256der)
(Sequence().setComponentByPosition(0, Sequence().setComponentByPosition(0, 
ObjectIdentifier(2.16.840.1.101.3.4.2.1)).setComponentByPosition(1, 
Null(''))).setComponentByPosition(1, 
OctetString(hexValue='')),
 '')
>>> pyasn1.codec.der.decoder.decode(unknown_enc)
(Sequence().setComponentByPosition(0, Sequence().setComponentByPosition(0, 
ObjectIdentifier(2.16.840.1.101.3.4.2.1))).setComponentByPosition(1, 
OctetString(hexValue='')),
 '')

There's an extra setComponentByPosition(1, Null('')) in the properly 
encoded ASN.1. It would appear that the library you're using *is* 
trying to generate a PKCS#1 v1.5 message, but that it ends up with a 
slightly different DER encoding than what is defined for OpenPGP. You 
will have to find a way to generate a EMSA-PKCS1-v1_5 structure that is 
compatible to RFC 4880 (and RFC 3447 PKCS #1 Version 2.1).

I don't know much about ASN.1, so I can't really say anything useful 
about the results of the experiment above.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GPG Signature Verification

2017-04-24 Thread Peter Lebbing 
On 20/04/17 21:17, Paul Taukatch wrote:
> Does anyone know exactly what this verify data is comprised of?

"data" seems to be correct: it is an EMSA-PKCS1-v1_5 encoded RSA SHA-256
signature. As RFC 3447 states:

EM = 0x00 || 0x01 || PS || 0x00 || T.

PS is a string of binary 1's to fill up the remaining space in the RSA
message, and T is a constant DER-encoding of SHA-256 followed by the
actual signature. The constant portion is in both RFC 3447 and RFC 4880:

 The full hash prefixes for these are as follows:

[...]

   SHA256: 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
   0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
   0x00, 0x04, 0x20

The part of "cmp" that would correspond to the constant part of the DER
encoding I do not recognise. My guess is that you did not instruct the
library you're using to generate the signature to create an
EMSA-PKCS1-v1_5 encoding, and that's why it is generating an RSA message
that differs in construction.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GPG Signature Verification

2017-04-24 Thread Paul Taukatch 

Appreciate the feedback but I have indeed reread the RFC specification
quite thoroughly and still can't seem to figure out the issue. Don't mean
to spam the mailing list but is there any chance someone might have a bit
more insight into this. Quite stumped!

Thanks,
Paul Taukatch
Advanced Technologies Team / zOS Cloud Crypto




From:   Kristian Fiskerstrand
<kristian.fiskerstr...@sumptuouscapital.com>
To: Paul Taukatch/Poughkeepsie/IBM@IBMUS, gnupg-users@gnupg.org
Date:   04/21/2017 06:29 AM
Subject:    Re: GPG Signature Verification



On 04/21/2017 09:16 AM, Kristian Fiskerstrand wrote:
> On 04/20/2017 09:17 PM, Paul Taukatch wrote:
>> I've attached my public key and debug log but please let me know if
there
>> is any other information that might be helpful.
>
> The first reference that springs to mind is [RFC4880] Section 5.2.4.
> Computing Signatures

Of course you already mentioned this in your initial email :) Looks
correct to me.


--

Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk

Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3

"If your kids are giving you a headache, follow the directions on the
aspirin bottle, especially the part that says "keep away from children."
(Neil McElroy)

[attachment "signature.asc" deleted by Paul Taukatch/Poughkeepsie/IBM]
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GPG Signature Verification

2017-04-21 Thread Kristian Fiskerstrand 
On 04/21/2017 09:16 AM, Kristian Fiskerstrand wrote:
> On 04/20/2017 09:17 PM, Paul Taukatch wrote:
>> I've attached my public key and debug log but please let me know if there
>> is any other information that might be helpful.
> 
> The first reference that springs to mind is [RFC4880] Section 5.2.4.
> Computing Signatures

Of course you already mentioned this in your initial email :) Looks
correct to me.


-- 

Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk

Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3

"If your kids are giving you a headache, follow the directions on the
aspirin bottle, especially the part that says "keep away from children."
(Neil McElroy)



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GPG Signature Verification

2017-04-21 Thread Kristian Fiskerstrand 
On 04/20/2017 09:17 PM, Paul Taukatch wrote:
> I've attached my public key and debug log but please let me know if there
> is any other information that might be helpful.

The first reference that springs to mind is [RFC4880] Section 5.2.4.
Computing Signatures

References:
[RFC4880]
https://tools.ietf.org/rfc/rfc4880.txt
-- 

Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk

Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3

"By three methods we may learn wisdom: First, by reflection, which is
noblest; Second, by imitation, which is easiest; and third by
experience, which is the bitterest."
(Confucius)



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

GPG Signature Verification

2017-04-20 Thread Paul Taukatch 


Hello and thank you for taking the time to help out!

I am developing my own implementation of the PGP specification and have a
question regarding the signature generation/verification for Transferable
Public Keys that maybe one of you could help shed some light on. Currently
I create a single primary RSA key and userID and bind the two with a
certification self-signature (0x13). When importing this certificate into
GPG I get a  a signature verification failure which prevents the
certificate from importing.

I've read through the rfc4880, 5.2.4 - Computing Signatures section quite
thoroughly and believe I am generating the signature properly - Signing the
Hash context of the primary key + user ID + signature data (V4).

One thing I notice in the debug info is that the first  several few bytes
of the  rsa_verify data and rsa_verify cmp do not match.

DBG: rsa_verify
data:+01ff \
DBG:
 \
DBG:ff0030
31300d06096086480165030402010500042007 \
DBG:
3d952c71b2d7c2c945c60f828f087e1d517774f84fe30825f18709659466e7

DBG: rsa_verify
cmp:+01ff \
DBG:
 \
DBG:ff0030
2f300b0609608648016503040201042007 \
DBG:
3d952c71b2d7c2c945c60f828f087e1d517774f84fe30825f18709659466e7

Does anyone know exactly what this verify data is comprised of? I notice
that the hash of the (Primary Key + UserID + Signature Data hash context) =
073D952C71B2D7C2C945C60F828F087E1D517774F84FE30825F18709659466E7 which
seems to match for both the verify data and cmp.

I've attached my public key and debug log but please let me know if there
is any other information that might be helpful.

(See attached file: exportZPGPTest.bin)(See attached file: debug.txt)

Thanks Again!


exportZPGPTest.bin
Description: Binary data
gpg: NOTE: no default option file 
`C:/Users/IBM_ADMIN/AppData/Roaming/gnupg/gpg.conf'
gpg: enabled debug flags: packet mpi cipher filter iobuf memory cache memstat 
trust hashing extprog cardio assuan
gpg: DBG: fd_cache_open (C:\\cygwin\\home\\Paul\\exportZPGPTest.bin) not cached
gpg: DBG: iobuf-1.0: open `C:\\cygwin\\home\\Paul\\exportZPGPTest.bin' fd=216
gpg: DBG: armor-filter: control: 5
gpg: DBG: iobuf-1.1: push `armor_filter'
gpg: DBG: armor-filter: control: 5
gpg: DBG: iobuf chain: 1.1 `armor_filter' filter_eof=0 start=0 len=0
gpg: DBG: iobuf chain: 1.0 `file_filter(fd)' filter_eof=0 start=0 len=0
gpg: DBG: armor-filter: control: 1
gpg: DBG: iobuf-1.1: underflow: req=8192
gpg: DBG: armor-filter: control: 3
gpg: DBG: iobuf-1.0: underflow: req=8192
gpg: DBG: iobuf-1.0: underflow: got=489 rc=0
gpg: DBG: iobuf-1.1: underflow: got=339 rc=0
gpg: DBG: parse_packet(iob=1): type=6 length=266 (new_ctb) 
(parse.../../gnupg2-2.0.30/g10/import.c.426)
gpg: DBG: parse_packet(iob=1): type=13 length=33 (new_ctb) 
(parse.../../gnupg2-2.0.30/g10/import.c.426)
gpg: DBG: parse_packet(iob=1): type=2 length=183 (new_ctb) 
(parse.../../gnupg2-2.0.30/g10/import.c.426)
gpg: DBG: iobuf-1.1: underflow: req=8192
gpg: DBG: armor-filter: control: 3
gpg: DBG: iobuf-1.0: underflow: req=8192
gpg: DBG: iobuf-1.0: underflow: got=0 rc=-1
gpg: DBG: C:\\cygwin\\home\\Paul\\exportZPGPTest.bin: close handle 00D8
gpg: DBG: fd_cache_close (C:\\cygwin\\home\\Paul\\exportZPGPTest.bin) new slot 
created
gpg: DBG: iobuf-1.0: underflow: eof
gpg: DBG: iobuf-1.1: underflow: got=150 rc=0
gpg: DBG: iobuf-1.1: underflow: req=8192
gpg: DBG: armor-filter: control: 3
gpg: DBG: iobuf-1.0: underflow: eof (due to filter eof)
gpg: DBG: iobuf-1.1: underflow: got=0 rc=-1
gpg: DBG: armor-filter: control: 2
gpg: DBG: iobuf-1.1: pop in underflow (!len)
gpg: DBG: iobuf chain: 1.0 `[none]' filter_eof=0 start=489 len=489
gpg: DBG: iobuf-1.0: underflow: eof
DBG: rsa_verify 
data:+01ff \
DBG:  
 \
DBG:  
ff003031300d06096086480165030402010500042007 \
DBG:  
3d952c71b2d7c2c945c60f828f087e1d517774f84fe30825f18709659466e7
DBG: rsa_verify  
sig:+4b51361220fd95fd2a927d40e18408a37d3a2dcad3394afe71e2236181f612a6 \
DBG:  
0e425b0cd93c7f0d1039717a86a054f5900519266fd23c09d40944ff9c8ae8e8 \
DBG:  
1e40d9aa7e22447503625f7fdb825abb49e4aef939d58ff3678b338c6bcfa8ef \
DBG:  
41e5eac439d49a94483e5d923590895b8e6f3b6ae00c5f0c0d5a9dc47cbb8e46
DBG: rsa_verify
n:+e2bcdf54bea85f021949eb68eb5641d829b2020d76e6ec224fe41fc5da38ffd5 \
DBG:  
fc8bd703ae7c2af04155a5896756d5c91fcf9d1fb45c83d74fbeeb1369423e15 \
DBG:  
32b26af4d47e354b6761db4a9244bfc7e017c8568ada52e399bd14f3c53e6a6a \
DBG:

Re: GPG signature verification problem?

2007-04-19 Thread Werner Koch 
On Wed, 18 Apr 2007 22:59, [EMAIL PROTECTED] said:

 Interestingly, with GPGol both signatures verified correctly!

It uses MIME parser code I wrote and thus tehre is some chance that it
actually worked ;-)

 While attempts to use GPG4Win directly (open the email piece and
 run GPG4Win on the Current Window) fail with BAD signature.

What do you mean by running Gpg4win directly?  Running the GPA, WinPT or
GPGee?



Salam-Shalom,

   Werner


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

RE: GPG signature verification problem?

2007-04-19 Thread Blumenthal, Uri 
 Interestingly, with GPGol both signatures verified correctly!

It uses MIME parser code I wrote and thus there is
some chance that it actually worked ;-)

Yes it worked!  :-)

 While attempts to use GPG4Win directly (open
 the email piece and run GPG4Win on the Current
 Window) fail with BAD signature.

 What do you mean by running Gpg4win directly? 
 Running the GPA, WinPT or GPGee?

Specifically I ran WinPT - the part of it which allows
Decrypting/verifying contents of the current window.

Thank you!

***
Bear Stearns is not responsible for any recommendation, solicitation, 
offer or agreement or any information about any transaction, customer 
account or account activity contained in this communication.
***

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

RE: GPG signature verification problem?

2007-04-19 Thread Blumenthal, Uri 
 You're getting Bad signature because gpg can't
 find the key.

I've imported the key manually, and the result is still the same (Bad
signature). GPGol has no problem verifying signature over that same
message in the same Outlook window.

 And it can't find it because the keyserver helper
 program is being blocked at your proxy server.

I've set the appropriate fields for HTTP proxy, including user name and
password. WinPT still crashes on attempt to contact remote keyserver
when I ask it to search for a key.

 If that doesn't work, you may either
  a) ask the Net-gods to open the keyserver port, 11371. Or,
  b) try to locate a keyserver operation on port 80.

Yes, both are reasonable things to do - but they don't apply to this one
particular case.


***
Bear Stearns is not responsible for any recommendation, solicitation, 
offer or agreement or any information about any transaction, customer 
account or account activity contained in this communication.
***

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

GPG signature verification problem?

2007-04-18 Thread Blumenthal, Uri 
I've tried to verify signature of the email that arrived from gnupg
mailing list (sent by Ryan).

Verification fails, with the following error message. I'm using
GPG-v.1.4.7, and Thunderbird/Enigmail.

Could somebody with a clue explain me what's wrong, and whether it's a
problem with my config (and if so - what I should look at), or whether
it's a bug in GPG?

gpg command line and output:,C:\\Program Files\\GNU\\GnuPG\\gpg.exe
--charset utf8  --batch --no-tty --status-fd 2 -d,gpg: invalid radix64
character 3A skipped,gpg: invalid radix64 character 2E skipped,gpg:
invalid radix64 character 2E skipped,gpg: invalid radix64 character 28
skipped,gpg: invalid radix64 character 29 skipped,gpg: CRC error; B76AE6
- 431CA8,gpg: [don't know]: invalid packet (ctb=55)

Thank you!
--
Regards,
Uri Blumenthal
Disclaimer

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Robert J. Hansen
Sent: Wednesday, April 18, 2007 10:14 AM
To: Ryan Malayter
Cc: gnupg-users@gnupg.org
Subject: Re: Quantum computing

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

 Note that breaking Diffie-Hellman and other discrete logarithm based
 algorithms is thought to be nearly equivalent to factoring, but has
 not been proven to be so.

Going off the top of my head, the DLP is known to be greater than or  
equal to the difficulty of the IFP.  You can make strong arguments  
that they're equal difficulty in a computational-theoretic sense, and  
you can make strong arguments that in real silicon DLP will be  
stronger due to our current lack of understanding of how to  
efficiently use the general number field sieve for the DLP.  The  
current state of the art in the GNFS requires a large amount of  
storage overhead for the DLP, while the storage overhead for the IFP  
is comparatively minimal.

As a word of warning, comparing DLP to IFP is a spectacularly black  
art.  There are so many nuances to it that just expressing some of  
the ideas in English is difficult.

As further warning: it's 9:10am, I haven't yet had my morning cup of  
coffee, and I'm working without my references.  This being the  
internet, there's also a nonzero chance that I'm barking mad.   
Confirm this information before relying on it.


-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (Darwin)

iQEcBAEBCgAGBQJGJierAAoJELcA9IL+r4EJSgoH/jz2SyN/4ZfAsnoJossJn6cp
/b/CND53iaqPnIv6vKcjDNfseBYdp2ZRHTZPw1ZVhd9+zdUwKr8IfVmFh8+XA/Ra
ayEnbf/OzfVw+VK9nSJfvroHBZnW/UQYFkwFsCpwYpXLDSab1JjNPV1Ys67lqx3e
gnM2w0fjDoXwE0hI+InCceL+bptOIpZL+xQN3AgYRovsUGG5rwngjOPk31+5SCFV
iMe1msmNhOV8KWcIkOFHeRZQxHKMtDVoZfSnv7BLYh4Ufh/moNDpIF9RI1/JuwJI
5eSXPEAzNAOXSxqyyrd5YC9ykMxMss69/BD7I6yfBQxHCcskUBjDsynxjLg+2NQ=
=Qxyo
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
***
Bear Stearns is not responsible for any recommendation, solicitation, 
offer or agreement or any information about any transaction, customer 
account or account activity contained in this communication.
***

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GPG signature verification problem?

2007-04-18 Thread Werner Koch 
On Wed, 18 Apr 2007 17:20, [EMAIL PROTECTED] said:

 Verification fails, with the following error message. I'm using
 GPG-v.1.4.7, and Thunderbird/Enigmail.

That seems to be TB problem.  I have no problems to verify the mail.

 --charset utf8  --batch --no-tty --status-fd 2 -d,gpg: invalid radix64
 character 3A skipped,gpg: invalid radix64 character 2E skipped,gpg:
 invalid radix64 character 2E skipped,gpg: invalid radix64 character 28

The base 64 encoding of the signature is broken. 


Salam-Shalom,

   Werner




___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GPG signature verification problem?

2007-04-18 Thread Charly Avital 
Blumenthal, Uri wrote the following on 4/18/07 8:14 PM:
 I have verified the e-mail (sent by Robert), twice: in the
 original message from Robert, and in Robert's quoted message
 in Uri's e-mail. Good signature.
 
 That's a convincing proof.
 
 The base 64 encoding of the signature is broken.
 Uri: do you get blank spaces in Robert's signature?
 
 Not that I can see... Every line except for the 
 very last one is full, and seems to have no weird
 characters (nor blanks) in it...

The signature text is displayed in lines of 64 ASCII characters. Blank
spaces are not ASCII characters, they would have broken the base 64 of
the signature.

The last line of a signature is composed of five ASCII characters.

The line before that last one can have less than 64 ASCII characters.


 On the other hand
 in your signature encoding, before the last short
 line the supposedly-long line appears truncated.

Could you verify my signature?

 
 Here's Robert's sig again:
 
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.7 (Darwin)
 
 iQEcBAEBCgAGBQJGJiWiAAoJELcA9IL+r4EJCTcH/RUOxI6RNuuu2WaCpAeJLfHs
 0u+KzJ6MALtonHQOkAbhDTw8zTC+OTHEuN/t2+dwli6E8r7F61RIMpLyPiZpfS0y
 rQjHMqJPMdr7Xerhn1haGdov2MzbvtloqHBEP9T65fstTEYBXoYMDSNhYVRV1Fpz
 g+is39fVr6D3LZ5W50VQhtTwmcpGM7ZKl4XSgqtv2UwwPM7dYjMQ+Qgz+5MnPLe3
 wZlD06/bvrbY5InFRQFMaFhNtVAC6v42G6W8AOv8WD0kXJCopUGOwYelQ40qhdug
 DvXWxpApv7jgmStms63AlG3TjQemwF3rkreFsk9IClAZ5T3EpTafqVd3HC4oYBc=
 =OqFT
 -END PGP SIGNATURE-

Seems fine.

 
 
 
 Here's your sig:
 
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v2.0.3 (Darwin)
 Comment: GnuPG for Privacy
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
 iQEVAwUBRiZKPc3GMi2FW4PvAQheawf/SDxB8cfw8chNrPDWXyY6Hat7NZtcitzR
 /fjqWbEXQ5tM7fEmGNtbEWVLwGwBLrO1Cnf12YVNI2tV5HeeE7e9XQcdq826A4/C
 W2hSH1jhevAD+A9EVfOneAMKVOZwCOYTGVWVpBqUyHp9E1Of9QAS+HwCOibIdIKK
 QzoemFH4PR0pBEoycRJsIpfN8Wbpf2mOYiTi9XLCiRadcZeAbFWqVMOYFBQHZ8cY
 NATwN4NHPgFE6wMVodJuBYcMupn1T5AatvlLLgB1YwJLjyKhT7ASwzp4Jlg40ho5
 EMqCQHEEcEn7bUnz1+0tUEWR60CaPd1ZDB3gocuQd6tIvwReH5kctA==
 =8BZI
 -END PGP SIGNATURE-

Could you verify my signature?

Charly



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GPG signature verification problem?

2007-04-18 Thread Charly Avital 
Blumenthal, Uri wrote the following on 4/18/07 8:14 PM:
 I have verified the e-mail (sent by Robert), twice: in the
 original message from Robert, and in Robert's quoted message
 in Uri's e-mail. Good signature.
 
 That's a convincing proof.
 
 The base 64 encoding of the signature is broken.
 Uri: do you get blank spaces in Robert's signature?
 
 Not that I can see... Every line except for the 
 very last one is full, and seems to have no weird
 characters (nor blanks) in it...

The signature text is displayed in lines of 64 ASCII characters. Blank
spaces are not ASCII characters, they would have broken the base 64 of
the signature.

The last line of a signature is composed of five ASCII characters.

The line before that last one can have less than 64 ASCII characters.


 On the other hand
 in your signature encoding, before the last short
 line the supposedly-long line appears truncated.

Could you verify my signature?

 
 Here's Robert's sig again:
 
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.7 (Darwin)
 
 iQEcBAEBCgAGBQJGJiWiAAoJELcA9IL+r4EJCTcH/RUOxI6RNuuu2WaCpAeJLfHs
 0u+KzJ6MALtonHQOkAbhDTw8zTC+OTHEuN/t2+dwli6E8r7F61RIMpLyPiZpfS0y
 rQjHMqJPMdr7Xerhn1haGdov2MzbvtloqHBEP9T65fstTEYBXoYMDSNhYVRV1Fpz
 g+is39fVr6D3LZ5W50VQhtTwmcpGM7ZKl4XSgqtv2UwwPM7dYjMQ+Qgz+5MnPLe3
 wZlD06/bvrbY5InFRQFMaFhNtVAC6v42G6W8AOv8WD0kXJCopUGOwYelQ40qhdug
 DvXWxpApv7jgmStms63AlG3TjQemwF3rkreFsk9IClAZ5T3EpTafqVd3HC4oYBc=
 =OqFT
 -END PGP SIGNATURE-

Seems fine.

 
 
 
 Here's your sig:
 
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v2.0.3 (Darwin)
 Comment: GnuPG for Privacy
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
 iQEVAwUBRiZKPc3GMi2FW4PvAQheawf/SDxB8cfw8chNrPDWXyY6Hat7NZtcitzR
 /fjqWbEXQ5tM7fEmGNtbEWVLwGwBLrO1Cnf12YVNI2tV5HeeE7e9XQcdq826A4/C
 W2hSH1jhevAD+A9EVfOneAMKVOZwCOYTGVWVpBqUyHp9E1Of9QAS+HwCOibIdIKK
 QzoemFH4PR0pBEoycRJsIpfN8Wbpf2mOYiTi9XLCiRadcZeAbFWqVMOYFBQHZ8cY
 NATwN4NHPgFE6wMVodJuBYcMupn1T5AatvlLLgB1YwJLjyKhT7ASwzp4Jlg40ho5
 EMqCQHEEcEn7bUnz1+0tUEWR60CaPd1ZDB3gocuQd6tIvwReH5kctA==
 =8BZI
 -END PGP SIGNATURE-

Could you verify my signature?

Charly



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GPG signature verification problem?

2007-04-18 Thread John Clizbe 
Blumenthal, Uri wrote:
 Interestingly, with GPGol both signatures verified correctly!
 
 While attempts to use GPG4Win directly (open the email piece and
 run GPG4Win on the Current Window) fail with BAD signature.
 
 And GPG4Win crashes at the attempt to retrieve a key from the
 remote keyserver (from behind HTTP proxy).

You're getting Bad signature because gpg can't find the key. And it can't find
it because the keyserver helper program is being blocked at your proxy server.

In addition to auto-key-retrieve, try specifying http-proxy[=value] as part of
the keyserver-options line in gpg.conf.

From the gpg man page:

  http-proxy[=value]
For HTTP-like keyserver schemes that (such as HKP
and HTTP itself), try to access the keyserver over
a proxy. If a value is specified, use this as the
HTTP proxy. If no value is specified, the value of
the environment variable http_proxy, if any, will
be used.

If that doesn't work, you may either

  a) ask the Net-gods to open the keyserver port, 11371. Or,
  b) try to locate a keyserver operation on port 80.

-- 
John P. Clizbe  Inet:   John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A
what's the key to success?/ two words: good decisions.
what's the key to good decisions? /  one word: experience.
how do i get experience?  / two words: bad decisions.

Just how do the residents of Haiku, Hawai'i hold conversations?



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users