Allie, Thanks for your help so far. I believe you and I are talking about the same thing and I may not know it yet. Rather than waste your time, I'll post a few questions on the "mysteries" of signature verification on the GnuPG list and after I get my education I'll get back to asking you, hopefully, a more intelligent question.
I understand you're talking about verifying encrypted and signed messages. I am attempting to verify the signature of the sender/signer/encrypter on the encrypted message *before* I decrypt it. That's what Eudora lets me do (with the added plugin which is not part of the Eudora distribution). As for a TB! plugin, as far as I can tell, it *is* part of the TB! version I'm using (1.62r) and I didn't have to install anything extra. Am I wrong? Yes, I do use GPG Shell. The message in question looks like this when I get it: -----BEGIN PGP MESSAGE----- Version: GnuPG v1.2.3rc1 (Darwin) Comment: GnuPG for Privacy hQIOAzk8sx+lJ8NdEAf/ei+1RbWEEprxWDyDJWvwyeE2VZ5gsBGxbQAPPBhE40jf DkgI/deNPpLPFSKbFFk84o4peQ5IfWfggh6qGTyH/NIWH+I1Hc5r+kwkAu+MPQy1 .... mDcUcytLXoohx4ylteVPnCyPLfhSZ4LzZ7HWrksK8dKB4wvPkWuRt6fascn85oT6 =7Q+y -----END PGP MESSAGE--- Obviously I shortened it to display it here. There is no additional signature file or block or anything of the sort. When I invoke GPG Shell, I first copy the message to the clipboard, and use the GPG-Tray menu "Clipboard Decrypt/Verify" which gets me the following response in a DOS window(Key IDs, email addresses and names masked): You need a passphrase to unlock the secret key for user: "Rafi Avital (insightful comment) <[EMAIL PROTECTED]>" 2048-bit ELG-E key, ID xxxxxxxx, created 2003-03-08 (main key ID xxxxxxxx) After entering my passphrase, the response is: gpg: encrypted with ELG-E key, ID xxxxxxxx gpg: encrypted with 2048-bit ELG-E key, ID xxxxxxxx, created 2011-05-06 "Rafi Avital (insightful comment) <[EMAIL PROTECTED]>" gpg: Signature made 07/19/03 22:23:32 Eastern Standard Time using DSA key ID C91B085E gpg: Good signature from "Daffy Duck (no comment) <[EMAIL PROTECTED]>" Press any key to continue . . . That's the part I'm looking for, "Good signature from..." After that, pressing any key will decrypt the contents of the clipboard and show me the decrypted message in a separate window graceously provided by GPG Shell. Note, that it has asked me for the passphrase before showing me the signature, which leads me to suspect that GPG Shell goes through the same process of listing the packet (i.e. looking in the encrypted content for the packet, therefore requiring the passphrase), then comparing it to the matching public key in my keyring. As I said, I'll go try to get smarter on the GnuPG list, if you have any insights and believe we won't bore everyone else here, by all means feel free to share them, or email me privately at [EMAIL PROTECTED] (a secondary account for me). Thanks and best regards ________________________________________________ Current version is 1.62r | "Using TBUDL" information: http://www.silverstones.com/thebat/TBUDLInfo.html