On 28/09/17 13:30, Andrew Gallagher wrote: > What specific error are you getting? I don't see any errors using > --check-sigs on that key, but then I don't trust Governikus so I'm not > performing the same test that you are.
Are you sure you had the Governikus key in your keyring? I am seeing the same as Stefan: the signature is bad. It says sig-3, the dash indicates failure. It should have been sig!3 for a good signature. For reference, this is the Governikus signature in --list-packets format: :signature packet: algo 1, keyid 5E5CCCB4A4BF43D7 version 4, created 1506196241, md5len 0, sigclass 0x13 digest algo 8, begin of digest 6b 6e hashed subpkt 2 len 4 (sig created 2017-09-23) hashed subpkt 5 len 2 (trust signature of depth 1, value 60) subpkt 16 len 8 (issuer key ID 5E5CCCB4A4BF43D7) data: [4095 bits] It is a SHA256 trust signature issued by an RSA key. I think it's odd they issue a level 1 partial trust signature, but I'd guess they think they're doing their users a service by making it possible to automatically assign partial trust to all keys signed by them, if you want to. Don't worry, this won't happen unless you issue at least a level 2 trust signature to Governikus. At least, I'm fairly sure it's not enough to simply assign full ownertrust to Governikus, ownertrust and trust signatures don't interact, right? I don't see anything yet that stands out to me as "this must be why it's a bad signature". But we can always dig deeper. Using gpg's debugging output, it is clear that the RSA signature is well-formed, but the hash doesn't match. If I read it right, GnuPG wants the hash to be: 8fa83f9358156973aa13d8bec76f29f960a5ef0baf4f9ecb63df7a0296ea1f46 But the Governikus signature hash is: 6b6e7c7823d29203332faae25a3abb18a7e36689a77e5f32feb57c73e7e0ec48 I didn't actually parse the ASN.1, though, I simply used common sense: the signature packet indicates the Governikus hash starts with 6b 6e, and the length is correct for a SHA-256 hash, so it makes sense that the ASN.1 ends with the pure hash. Haven't thought about endianness. I don't know what could cause this. This is as far as I can go. Perhaps a developer recognises the situation. Here's the debugging output: --8<---------------cut here---------------start------------->8--- gpg: DBG: rsa_verify data:+01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ gpg: DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ gpg: DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ gpg: DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ gpg: DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ gpg: DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ gpg: DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ gpg: DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ gpg: DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ gpg: DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ gpg: DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ gpg: DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ gpg: DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ gpg: DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ gpg: DBG: ffffffffffffffffffffff003031300d0609608648016503040201050004208f \ gpg: DBG: a83f9358156973aa13d8bec76f29f960a5ef0baf4f9ecb63df7a0296ea1f46 gpg: DBG: rsa_verify sig:+7c0d84121a51ae5f5e99d131fc0e0e1e9157b03375b65bfd706aef1b42776ccd \ gpg: DBG: c5ef1d4c7a4a77733af8f49648000e2c779e176e4874609ca3d22a88beac09c4 \ gpg: DBG: f4556a9a25636ac6acc33e366356fb71f7c702771a622773ab55fe00cb4d3f71 \ gpg: DBG: 6d291871302dc35e0ecd9a37cf60887d9b65e2f751172eb9c81e5c9bb76d3b07 \ gpg: DBG: f2589f29196761f39d9786956ba8d20a2a4df6f0157861bc49a972d923567135 \ gpg: DBG: a45bcaf8bded2a55edcdadd7109fef620b533fabb0a29bcf4a254a2a6043be46 \ gpg: DBG: be8606d0e21075a1b1927f3a3c846a21abb52d64c3260c451a7a9688ff290caf \ gpg: DBG: 9be60639618cd547dd6ad5beed0dd0167ba01fafbcf0b8650b02bd47166d5705 \ gpg: DBG: 2b30fd7314625b925b4638469524b54d084f1e4bec5fd3ed19b576fc25fffe27 \ gpg: DBG: cf71b534be9cf865f4db030bf99f2617f4520c6c47bf94593af2fe91800cc838 \ gpg: DBG: 8e43c86864d5338b53ef88d65657b5ba241072cdc4b1744b44bd01ccbf9e8124 \ gpg: DBG: 83fb23c00e94900bd94c3070c0dfbfd85a8244e07b22f275376dd9ba8b8af16b \ gpg: DBG: 6f79ed424330e4b4611478863ad67819a1a12fe86ec6bb466d8823d5982c462a \ gpg: DBG: 4a2f35a8369092487d66d12f75e7701205e2d3b6b5932e01a98d66e2ac61243a \ gpg: DBG: d97d8f5c46d7d965d27e1dbaee09af1c2787121845d11a73c8a3b5b6dc66d44b \ gpg: DBG: d849cd96decb42ad8d4d7df80da7aa9ddc072c37fea1cf68c349d7c3a4909e2a gpg: DBG: rsa_verify n:+ac04bff70099263c05a8a3be359f82648d18b3b0e5b7fd15994c438683ba175b \ gpg: DBG: 7d6763f59f8778f01957fa82a3edcc94896de20f1fe8b0e4d214db863f18013f \ gpg: DBG: 8e4ab9b4d16e4381cca8b877db3399a99aa8475c6ba9b6e04143e5e55ac8c438 \ gpg: DBG: 323e5365abef50c0468dc8afeb03cd0e15846393d5a52aaa7b60ade16b834214 \ gpg: DBG: d8be2000ac9550327215c2e8da95cd8e5ba60dbf2846f139ffd44e1e3a1dd366 \ gpg: DBG: e3e7c0a7c1dd8924501e8f93bfb18020fbae5c3f942a0e8b0c61f5561ee9b17d \ gpg: DBG: 23521cabc4c26213236720824a0356c34af4e22ee1da9dde2d151e1b0b0e04d6 \ gpg: DBG: a63df7817aadaa43964bd57de7c1c4d0092ba132a9e5bd8bb05335d5e195a5b4 \ gpg: DBG: c47d121004021f3648a13da771edf0a48601fc047b9aa54d4f58fba2f53b680e \ gpg: DBG: 29e2e8c6101f050fc5035f08f38300b1c799e6631efff5eb78c1d8898c6862cf \ gpg: DBG: 3cc167e371817499afff072f5b3f8e150a4c836580911d17f47fc460ae8d6547 \ gpg: DBG: ca4b067811cae95590e294e89610af96aeb834697d9525d86ce74129e432dc7c \ gpg: DBG: 4380807b1eb6fd5dfc5604ab3d050bf9f1ba589979f914717e11807b02787681 \ gpg: DBG: 66b729babd216b2e85beb3565d2583fc1fff7c69a6ec91226b40b2fe0aead4f9 \ gpg: DBG: 7625d05eb251e3ab8a85f16981c85ec03d745db81dee38ca948e4aa5aff14529 \ gpg: DBG: f6ae044278dec55f50ccb7c918d7f9b41443df640ddebc7d1632bf90d47dc9cf gpg: DBG: rsa_verify e:+010001 gpg: DBG: rsa_verify cmp:+01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ gpg: DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ gpg: DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ gpg: DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ gpg: DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ gpg: DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ gpg: DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ gpg: DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ gpg: DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ gpg: DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ gpg: DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ gpg: DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ gpg: DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ gpg: DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ gpg: DBG: ffffffffffffffffffffff003031300d0609608648016503040201050004206b \ gpg: DBG: 6e7c7823d29203332faae25a3abb18a7e36689a77e5f32feb57c73e7e0ec48 gpg: DBG: rsa_verify => Bad signature --8<---------------cut here---------------end--------------->8--- HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users