Yum problems

Joe(theWordy)Philbrook jtwdyp at ttlc.net
Fri Sep 10 06:46:04 UTC 2004 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It would appear that on Sep 10, Alexander Dalloz did say:

> 
> Am Fr, den 10.09.2004 schrieb Cassius V. de Magalhaes um 2:25:
> 
> > Could you send me your public key, please?
> 
> You mean my GPG public my? It is online on the PGP servers, i.e.
> 
> http://pgp.upb.de:11371/pks/lookup?op=get&search=0xED695653
> 
> Alexander

Alexander, as one of the more knowledgeable people on this list, (and one
who uses a detached gpg sig) I was hopping you would explain something
to me about how to manually verify your sig... Because even when I add a
nice utility like ez-pine-gpg v0.4c to pine, it can only deal with
embedded sigs in the message body. And if I want to verify something
sent with a detached sig, I'd have to do it outside the mail client.
(I have imported your gpg key to my key ring, but it does not work for me)

I'm using your Message-ID: <1094782700.3881.1257.camel at serendipity.dogma.lan>
as an example.

When I read it with pine it tells me it consists of 

Parts/Attachments:
   1.1 Shown    ~15 lines  Text
   1.2          196 bytes  Application, "Dies ist ein digital signierter Nachric
   2   Shown      4 lines  Text

Of course the description of the "digital signierter" is truncated by
the 80 column display...

NOTE: the following quoted lines were prefixed with "=> " characters.

Since part/attachment "2" consists of:

=> --
=> fedora-list mailing list
=> fedora-list at redhat.com
=> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list

I presumed it wasn't part of the signed text. And that part/attachment "1.1"
is the signed text, Which I saved as a file "text.txt" and I also presumed
that part/attachment "1.2" is the detached sig. Which was saved as 
signature.asc...But when I also saved part/attachment "2" as text2.txt
and included it in the gpg command line the results were the same as
shown below. As were the results of using only the text2.txt file as the
signed text and omitting the text.txt...

Note in the following quoted screen capture my two line bash command prompt
appears as:
=> jtwdyp -> /home/jtwdyp/com/dnlo
=> > 

=> jtwdyp -> /home/jtwdyp/com/dnlo
=> > gpg --verify signature.asc text.txt
=> gpg: WARNING: using insecure memory!
=> gpg: please see http://www.gnupg.org/faq.html for more information
=> gpg: Signature made Thu 09 Sep 2004 10:18:20 PM EDT using DSA key ID
=> ED695653
=> gpg: BAD signature from "Alexander Dalloz
=> <alexander.dalloz at uni-bielefeld.de>"
=> jtwdyp -> /home/jtwdyp/com/dnlo
=> > cat signature.asc text.txt
=> -----BEGIN PGP SIGNATURE-----
=> Version: GnuPG v1.2.4 (GNU/Linux)
=> 
=> iD8DBQBBQQ7s4ZduiO1pVlMRAo5mAKDokU/olds68BJi4lZUCpfkxzoGTgCg+N1K
=> 0ykYwKaZnkt6QXzEfgGs1tI=
=> =xYLL
=> -----END PGP SIGNATURE-----
=> Am Fr, den 10.09.2004 schrieb Cassius V. de Magalhaes um 2:25:
=> 
=> > Could you send me your public key, please?
=> 
=> You mean my GPG public my? It is online on the PGP servers, i.e.
=> 
=> http://pgp.upb.de:11371/pks/lookup?op=get&search=0xED695653
=> 
=> Alexander
=> 
=> 
=> --
=> Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
=> Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.8-1.521smp
=> Serendipity 04:17:33 up 11 days, 1:34, load average: 2.83, 2.59, 2.08
=> jtwdyp -> /home/jtwdyp/com/dnlo
=> >

Obviously I can't use this method to verify your sig. Does this mean
that when gpg is integrated with a mail client that uses detached sigs,
the message can only be verified by another gpg integrated mail client
and not by the gpg command line tool. Or am I just doing it wrong?

- -- 
|      ?           ?		
|			
|        -=-   -=-	 I'm NOT clueless...    	
|        <?>   <?>    	But I just don't know.  	
|            ^          Joe (theWordy) Philbrook           
|           ---  	     J(tWdy)P
|			  <jtwdyp at ttlc.net> 
|      ?           ?		


   ##############################################################
   # You can find my public gpg key at http://pgpkeys.mit.edu/  #
   ##############################################################

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBQUymRZ/61mwhY94RAhjkAJ9FW3NVzdGlLWLUTgVJRIhHuyasHgCgsfbU
eePW7fHL4OtG7T9t82zgfCo=
=IZ1H
-----END PGP SIGNATURE-----

More information about the fedora-list mailing list