[imp] Bad gpg signatures - solved

Michael M Slusarz slusarz at bigworm.colorado.edu
Wed Mar 12 17:21:59 PST 2003


Quoting Rick Emery <rick at emery.homelinux.net>:

| Quoting Rick Emery <rick at emery.homelinux.net>:
| 
| > In the last week or so, I've been getting a lot of pgp signed messages from
| > mailing lists that say "gpg: BAD signature".
| 
| It would appear (from my very basic testing) that the problem was MailScanner. I
| had it configured to attach this signature...
| 
| > --
| > This message has been scanned for viruses and dangerous
| > content by MailScanner, and is believed to be clean.
| 
| to all clean messages. Apparently adding this changed the message such that the
| test failed.

Yup, that would do it.  When signing a message, you must sign the message by
analyzing the canonical contents of the message.  The canonical contents may
NOT be the same as what is actually sent, not to mention that anything added
to the message will invalidate the signature.

michael

______________________________________________
Michael Slusarz [slusarz at bigworm.colorado.edu]
The University of Colorado at Boulder
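
An added example, not part of the original thread: a SHA-256 digest over the canonical text stands in for the hash a signature covers, showing that transport-level line-ending changes leave it unchanged while the appended MailScanner footer does not. The canonicalization rules (CRLF endings, trailing spaces and tabs stripped, final line ending excluded) are assumed to be the OpenPGP cleartext ones, and all function names and sample messages are hypothetical.

```python
import hashlib

# Footer text as quoted in the thread.
FOOTER = ["--",
          "This message has been scanned for viruses and dangerous",
          "content by MailScanner, and is believed to be clean."]

def canonicalize(text):
    """Assumed OpenPGP cleartext rules: CRLF endings, no trailing blanks."""
    text = text.replace("\r\n", "\n").replace("\r", "\n")
    if text.endswith("\n"):          # final line ending is not signed text
        text = text[:-1]
    return "\r\n".join(l.rstrip(" \t") for l in text.split("\n")).encode()

def signed_digest(text):
    """Stand-in for the hash a signature covers (no real signing here)."""
    return hashlib.sha256(canonicalize(text)).hexdigest()

def strip_footer(text):
    """Return the body without a trailing gateway footer, else unchanged."""
    lines = text.replace("\r\n", "\n").split("\n")
    while lines and not lines[-1].strip():
        lines.pop()
    if [l.strip() for l in lines[-len(FOOTER):]] != FOOTER:
        return text
    body = lines[:-len(FOOTER)]
    while body and not body[-1].strip():
        body.pop()
    return "\n".join(body)

def diagnose(received, digest_at_signing):
    """Classify why a received body no longer matches the signed digest."""
    if signed_digest(received) == digest_at_signing:
        return "intact"
    if signed_digest(strip_footer(received)) == digest_at_signing:
        return "footer-appended"
    return "modified"

# Constructed sample messages (not taken from the thread).
ORIGINAL = "Hi all,\nthe patch is attached.\n"
TRANSPORT = "Hi all,  \r\nthe patch is attached.\r\n"   # line endings only
SCANNED = ORIGINAL + "\n-- \n" + "\n".join(FOOTER[1:]) + "\n"
TAMPERED = ORIGINAL.replace("is attached", "is NOT attached")

if __name__ == "__main__":
    d = signed_digest(ORIGINAL)
    for name, msg in [("transport", TRANSPORT), ("scanned", SCANNED),
                      ("tampered", TAMPERED)]:
        print(name, "->", diagnose(msg, d))
```

A "footer-appended" result points at the gateway configuration rather than at the sender's key or the message content.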

