[Gpg4win-users-en] Checking signatures in emails on Windows 10

Bernhard Reiter bernhard at intevation.de
Thu Oct 10 10:05:33 CEST 2019

Hello Gerard,

Am Mittwoch 09 Oktober 2019 13:42:04 schrieb Gerard Seibert:
> I am running Windows 10 with the latest version of GPG4Win. I have my
> MUA, "claws-mail" configured to use GPG4Win to check email signatures.
> This usually works fine. However, for some unknown reason, it fails
> with certain signatures.

> https://seibercom.net/logs/Good_Sig
> https://seibercom.net/logs/Bad_Sig

the let us do some more analysis.
a) Opening both emails in a different client here (KMail e3.5 on Debian)
   and getting the pubkey: Confirms your observation.

b) Taking a look at the email structure: It is a deprecated no-MIME
   mail. This means we can use gpg directly to analyse it.

c) gpg --verify on both files show: same situation.
   This is good as we have now excluded the email client and the mail
   structure itself.

d) Let us use the diagnostic steps of gpg itself. 
    gpg -vvv --verify
    Hmm, no obvious difference, so maybe the signer made a mistake
    or the message actually got modified. Maybe you can ask the 
    sender to zip and send you the original, if you suspect this to
    be a transport problem.

e) Searching for other differences between the two files.
   Note that Good_Sig has a different format, most lines are
   not longer than 68 chars and there are trailing spaces at
   some lines. Bad_Sig has lines which are much longer, e.g. 86
   chars. So it seems the two mail may have gone through two different
   processing chains at the sender. This could contribute to the cause,
   maybe one chain works and the other does not.

It's cool to see Microsoft using OpenPGP to sign emails, btw.

Hope I could help.

www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.wald.intevation.org/pipermail/gpg4win-users-en/attachments/20191010/ccacea2f/attachment.sig>

More information about the Gpg4win-users-en mailing list