Allie,
Thanks for your help so far. I believe you and I are talking about
the same thing and I may not know it yet. Rather than waste your
time, I'll post a few questions on the "mysteries" of signature
verification on the GnuPG list and after I get my education I'll get
back to asking you, hopefully, a more intelligent question.
I understand you're talking about verifying encrypted and signed
messages. I am attempting to verify the signature of the
sender/signer/encrypter on the encrypted message *before* I decrypt
it. That's what Eudora lets me do (with the added plugin which is not
part of the Eudora distribution). As for a TB! plugin, as far as I
can tell, it *is* part of the TB! version I'm using (1.62r) and I
didn't have to install anything extra. Am I wrong?
Yes, I do use GPG Shell. The message in question looks like this when
I get it:
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.2.3rc1 (Darwin)
Comment: GnuPG for Privacy
hQIOAzk8sx+lJ8NdEAf/ei+1RbWEEprxWDyDJWvwyeE2VZ5gsBGxbQAPPBhE40jf
DkgI/deNPpLPFSKbFFk84o4peQ5IfWfggh6qGTyH/NIWH+I1Hc5r+kwkAu+MPQy1
....
mDcUcytLXoohx4ylteVPnCyPLfhSZ4LzZ7HWrksK8dKB4wvPkWuRt6fascn85oT6
=7Q+y
-----END PGP MESSAGE---
Obviously I shortened it to display it here. There is no additional
signature file or block or anything of the sort. When I invoke GPG Shell, I
first copy the message to the clipboard, and use the GPG-Tray menu
"Clipboard Decrypt/Verify" which gets me the following response in a
DOS window(Key IDs, email addresses and names masked):
You need a passphrase to unlock the secret key for
user: "Rafi Avital (insightful comment) <[EMAIL PROTECTED]>"
2048-bit ELG-E key, ID xxxxxxxx, created 2003-03-08 (main key ID xxxxxxxx)
After entering my passphrase, the response is:
gpg: encrypted with ELG-E key, ID xxxxxxxx
gpg: encrypted with 2048-bit ELG-E key, ID xxxxxxxx, created 2011-05-06
"Rafi Avital (insightful comment) <[EMAIL PROTECTED]>"
gpg: Signature made 07/19/03 22:23:32 Eastern Standard Time using DSA key ID C91B085E
gpg: Good signature from "Daffy Duck (no comment) <[EMAIL PROTECTED]>"
Press any key to continue . . .
That's the part I'm looking for, "Good signature from..." After that,
pressing any key will decrypt the contents of the clipboard and show
me the decrypted message in a separate window graceously provided by
GPG Shell.
Note, that it has asked me for the passphrase before showing me the
signature, which leads me to suspect that GPG Shell goes through the
same process of listing the packet (i.e. looking in the encrypted
content for the packet, therefore requiring the passphrase), then
comparing it to the matching public key in my keyring.
As I said, I'll go try to get smarter on the GnuPG list, if you have
any insights and believe we won't bore everyone else here, by all
means feel free to share them, or email me privately at
[EMAIL PROTECTED] (a secondary account for me).
Thanks and best regards
________________________________________________
Current version is 1.62r | "Using TBUDL" information:
http://www.silverstones.com/thebat/TBUDLInfo.html
