[Gpg4win-users-en] Checking signatures in emails on Windows 10
bernhard at intevation.de
Thu Oct 10 10:05:33 CEST 2019
Am Mittwoch 09 Oktober 2019 13:42:04 schrieb Gerard Seibert:
> I am running Windows 10 with the latest version of GPG4Win. I have my
> MUA, "claws-mail" configured to use GPG4Win to check email signatures.
> This usually works fine. However, for some unknown reason, it fails
> with certain signatures.
the let us do some more analysis.
a) Opening both emails in a different client here (KMail e3.5 on Debian)
and getting the pubkey: Confirms your observation.
b) Taking a look at the email structure: It is a deprecated no-MIME
mail. This means we can use gpg directly to analyse it.
c) gpg --verify on both files show: same situation.
This is good as we have now excluded the email client and the mail
d) Let us use the diagnostic steps of gpg itself.
gpg -vvv --verify
Hmm, no obvious difference, so maybe the signer made a mistake
or the message actually got modified. Maybe you can ask the
sender to zip and send you the original, if you suspect this to
be a transport problem.
e) Searching for other differences between the two files.
Note that Good_Sig has a different format, most lines are
not longer than 68 chars and there are trailing spaces at
some lines. Bad_Sig has lines which are much longer, e.g. 86
chars. So it seems the two mail may have gone through two different
processing chains at the sender. This could contribute to the cause,
maybe one chain works and the other does not.
It's cool to see Microsoft using OpenPGP to sign emails, btw.
Hope I could help.
www.intevation.de/~bernhard +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 488 bytes
Desc: This is a digitally signed message part.
More information about the Gpg4win-users-en