[Gpg4win-users-en] Problems with Gpg4Win Verification Operations (and a couple of apparent bugs)

Juan Miguel Navarro Martínez juanmi.3000 at gmail.com
Tue May 26 23:17:57 CEST 2015


The information about Tails key was given in this post about the
transition from the old to the new one:

https://tails.boum.org/news/signing_key_transition/index.en.html

You can compare the IDs/Fingerprints which the ones you have, but I can
tell you yours matches.
L:
> Thanks. If that is the case, it should certainly be listed on the Tails
> site; I found no mention of the string there, when I last checked, only
> that of the developers key from the Tails site (you can download it
> there yourself):
> 
> User-ID:
> 
> 	
> 
> Tails developers (offline long-term identity key) <tails at boum.org>
> 
> Validity:
> 
> 	
> 
> from 2015-01-18 14:17 through 2016-01-11 14:17
> 
> Certificate type:
> 
> 	
> 
> 4,096-bit RSA
> 
> Certificate usage:
> 
> 	
> 
> Signing EMails and Files, Certifying other Certificates
> 
> Key-ID:
> 
> 	
> 
> 58ACD84F
> 
> Fingerprint:
> 
> 	
> 
> A490D0F4D311A4153E2BB7CADBB802B258ACD84F
> 
> 
> Neither can it be found among the IDs (see Technical Details):
> DBB802B258ACD84F/98FEC6BC752A3DB6/3C83DCB52F699C56
> Nor does it match anything stated in sig-iso verification. That was the
> whole point :)
> 
> 
> On 26/05/2015 04:37, Juan Miguel Navarro Martínez wrote:
>> L:
>>> 3) I will also try trusting the Tails key using my own key; still,
>>> Gpg4Win does offer the ability to " completely trust" a key without
>>> using your own, and even when this is the case, the key fails to
>>> appear in Kleopatra's trusted field, also an apparent bug. If the
>>> trusted field only admits keys when signed with your own, this
>>> should be made clear.
>>
>>
>> You can give a trust level using command-line but it won't affect
>> Kleopatra "Trusted keys" list, it only will show if you sign it with
>> your own key.
>>
>> I would try and confirm it but I'm having some problems here.
>>
>>> 4) This still fails to account for the unidentified string (short
>>> and post-key-imported long), unmatched to anything on the Tails
>>> site, the real issue. Can anyone account for this string
>>> (/0xBA2C222F44AC00ED9899389398FEC6BC752A3DB6)?
>>
>> That's Tails developers signing subkey:
>>
>> https://paste.debian.net/183806/
>>
>> See the second key fingerprint, it matches the 0xFingerprint key ID
>> format you typed.
>>
>>
>> _______________________________________________
>> Gpg4win-users-en mailing list
>> Gpg4win-users-en at wald.intevation.org
>>
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/gpg4win-users-en
> 
> 
> 
> 
> 
> _______________________________________________
> Gpg4win-users-en mailing list
> Gpg4win-users-en at wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/gpg4win-users-en
> 


-- 
Juan Miguel Navarro Martínez

GPG Keyfingerprint:
5A91 90D4 CF27 9D52 D62A
BC58 88E2 947F 9BC6 B3CF



More information about the Gpg4win-users-en mailing list