From lurker-index@localhost Tue Sep 20 02:27:35 2016
Return-Path: <owner-mutt-users-M24753@mutt.org>
Received: from lin16.mojsite.com (178.218.164.164:993) by g0n.xdwgrp with
  IMAP4-SSL; 20 Sep 2016 00:27:34 -0000
Envelope-to: miro.rovis@croatiafidelis.hr
Delivery-date: Tue, 20 Sep 2016 01:19:52 +0200
Received: from shtjevan.gbnet.net ([194.70.142.36]:58420 helo=gbnet.net)
	by lin16.mojsite.com with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)
	(Exim 4.87)
	(envelope-from <owner-mutt-users-M24753@mutt.org>)
	id 1bm7ql-0001YZ-0Z
	for miro.rovis@croatiafidelis.hr; Tue, 20 Sep 2016 01:19:47 +0200
Received: (qmail 28111 invoked by uid 611); 19 Sep 2016 23:16:42 -0000
Received: (qmail 28100 invoked from network); 19 Sep 2016 23:15:46 -0000
Received: from davin.gbnet.net (194.70.142.37)
  by shtjevan.gbnet.net with ESMTPS (DHE-RSA-AES256-SHA encrypted); 19 Sep 2016 23:15:46 -0000
Received: (qmail 18831 invoked from network); 19 Sep 2016 23:15:46 -0000
Received: from mail-1.fido.net (84.246.192.5)
  by davin.gbnet.net with ESMTPS (DHE-RSA-AES256-SHA encrypted); 19 Sep 2016 23:15:46 -0000
Received: from disorder-1-pt.tunnel.tserv3.fmt2.ipv6.he.net ([2001:470:1f04:51a::2] helo=acedia.primate.net)
	by mail-1.fido.net with esmtps (TLSv1.2:ECDHE-RSA-AES256-SHA:256)
	(Exim 4.86)
	(envelope-from <itz@primate.net>)
	id 1bm7mk-0005lS-A6
	for mutt-users@mutt.org; Tue, 20 Sep 2016 00:15:45 +0100
Received: from acedia.primate.net (localhost [127.0.0.1])
	by acedia.primate.net (8.15.2/8.15.2/Debian-4) with ESMTPS id u8JNFSTk023067
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
	for <mutt-users@mutt.org>; Mon, 19 Sep 2016 16:15:33 -0700
Received: (from itz@localhost)
	by acedia.primate.net (8.15.2/8.15.2/Submit) id u8JNFQcj023050
	for mutt-users@mutt.org; Mon, 19 Sep 2016 16:15:26 -0700
X-Authentication-Warning: acedia.primate.net: itz set sender to itz@primate.net using -f
Received: from [10.8.78.14] (helo=matica.foolinux.mooo.com)
	by ahiker.mooo.com with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.84_2)
	(envelope-from <itz@primate.net>)
	id 1bm7mW-0007vp-3a
	for mutt-users@mutt.org; Mon, 19 Sep 2016 16:15:24 -0700
Received: from itz by matica.foolinux.mooo.com with local (Exim 4.87)
	(envelope-from <itz@matica.foolinux.mooo.com>)
	id 1bm7mV-00018f-Pw
	for mutt-users@mutt.org; Mon, 19 Sep 2016 16:15:23 -0700
Date: Mon, 19 Sep 2016 16:15:23 -0700
From: Ian Zimmerman <itz@primate.net>
To: mutt-users@mutt.org
Subject: Re: PGP sigs fail verification
Message-ID: <20160919225636.3870.1E81EEA4@matica.foolinux.mooo.com>
Reply-To: mutt-users@mutt.org
Mail-Followup-To: mutt-users@mutt.org
References: <20160917232509.GK31239@g0n.xdwgrp>
 <20160918051503.GO31239@g0n.xdwgrp>
 <20160918061803.4077.03047CF5@matica.foolinux.mooo.com>
 <20160919053542.13563.3494DAB5@matica.foolinux.mooo.com>
 <20160919103952.GA13914@x2.esmtp.org>
 <20160919141105.GF31779@g0n.xdwgrp>
 <20160919145833.uqsypbawzolll3ro@darac.org.uk>
 <20160919202536.GA31772@g0n.xdwgrp>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20160919202536.GA31772@g0n.xdwgrp>
User-Agent: Mutt/1.5.24 (2015-08-30)
Received-SPF: pass (mail-1.fido.net: domain of primate.net designates 2001:470:1f04:51a::2 as permitted sender) client-ip=2001:470:1f04:51a::2; envelope-from=itz@primate.net; helo=acedia.primate.net;
X-SPF-Result: mail-1.fido.net: domain of primate.net designates 2001:470:1f04:51a::2 as permitted sender
X-Report-Abuse-To: spam@master.fido.net
Authentication-Results: fido.net; spf=pass smtp.mailfrom=itz@primate.net
X-FidoGuard-Class: ham
X-FidoGuard-Evidence: Combined (0.15)
X-Recommended-Action: accept
List-Post: <mailto:mutt-users@mutt.org>
List-Unsubscribe: send mail to majordomo@mutt.org, body only "unsubscribe mutt-users"
Precedence: bulk
Sender: owner-mutt-users@mutt.org
X-PlusHosting-MailScanner-Information: Please contact the ISP for more information
X-PlusHosting-MailScanner-ID: 1bm7ql-0001YZ-0Z
X-PlusHosting-MailScanner: Found to be clean
X-PlusHosting-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
	score=-3.199, required 5, BAYES_00 -1.90,
	HEADER_FROM_DIFFERENT_DOMAINS 0.00, KAM_LAZY_DOMAIN_SECURITY 1.00,
	RCVD_IN_DNSWL_MED -2.30)
X-PlusHosting-MailScanner-From: owner-mutt-users-m24753@mutt.org
X-Spam-Status: No
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=

On 2016-09-19 22:25, Miroslav Rovis wrote:

> $ gpg --verify  dNZQNRnu_DarakMarjal160907-raw_QkYBXROR.sig \
> 	dNZQNRnu_DarakMarjal160907-raw.asc 
> gpg: Signature made Wed 07 Sep 2016 12:21:36 CEST using RSA key ID
> 48C912E7
> gpg: BAD signature from "Paul Saunders <darac@darac.org.uk>"
> $

You're a victim of the same misunderstanding as I was, when I tried to
investigate the problem this way :-P

You need to read RFC 3156, which specifies how the signature is computed
on PGP/MIME mails.  It is _not_ on the data you see when you dump the
text into a Unix file (even when you take into account the encoding such
as quoted-printable).

Here are at least 3 differences: (there may be more)

1. Line endings: all transformed into CRLF before signing

2. Trailing whitespace: all stripped before signing

3. MIME part headers (i.e. the stuff after the MIME boundary line and
   before the first empty line after that): included in signed data

So, if we want to pursue this line of verifying from the command line,
first we need a piece of code or script that will take an email and spit
out the data _as used for the signature computation_.  I think it ought
to exist out there.  That is my next step.

As I reported in another subthread, I took one "BAD" email from my system
(directly from the maildir, not exporting with mutt) and compared it to
the archived copy from MARC.  They were identical.  At least this way I
eliminated the possibility of mangling by intermediate MTAs.

For my part I now think this is a flea.

-- 
Please *no* private Cc: on mailing lists and newsgroups
Why does the arrow on Hillary signs point to the right?
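
The following is an added example, not part of the original post and not code from mutt or GnuPG: a sketch of the kind of script the post asks for, applying the three differences it lists to the first part of a multipart/signed message. The function name and the sample message are constructed for illustration, and the sample carries a placeholder instead of a real signature.

```python
import email
import re
import sys

# Constructed sample: LF line endings and trailing spaces after "Hello,".
SAMPLE = (
    b"From: alice@example.org\n"
    b"Content-Type: multipart/signed; micalg=pgp-sha256;\n"
    b'\tprotocol="application/pgp-signature"; boundary="b0"\n'
    b"\n"
    b"--b0\n"
    b"Content-Type: text/plain; charset=us-ascii\n"
    b"\n"
    b"Hello,  \n"
    b"world\n"
    b"\n"
    b"--b0\n"
    b"Content-Type: application/pgp-signature\n"
    b"\n"
    b"(constructed placeholder, not a real signature)\n"
    b"--b0--\n"
)


def signed_payload(raw: bytes) -> bytes:
    """Return the first part of a multipart/signed message in signing form."""
    msg = email.message_from_bytes(raw)
    if msg.get_content_type() != "multipart/signed":
        raise ValueError("not a multipart/signed message")
    boundary = msg.get_boundary()
    if not boundary:
        raise ValueError("multipart/signed without a boundary parameter")
    delim = b"--" + boundary.encode("ascii")
    # Work on the raw bytes so nothing is re-encoded or re-folded.
    lines = re.split(rb"\r?\n", raw)
    marks = [i for i, ln in enumerate(lines)
             if ln.rstrip() in (delim, delim + b"--")]
    if len(marks) < 2:
        raise ValueError("signed part is not delimited by two boundary lines")
    # Difference 3: the part's own MIME headers stay in the signed data.
    part = lines[marks[0] + 1:marks[1]]
    # Differences 2 and 1: strip trailing whitespace, join with CRLF.
    # No final CRLF is added: the line break before a boundary belongs to it.
    return b"\r\n".join(ln.rstrip(b" \t") for ln in part)


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    sys.stdout.buffer.write(signed_payload(data))
```

Redirect the output to a file and give that file as the second argument to `gpg --verify`, with the body of the application/pgp-signature part saved as the first.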
