On Sun, Nov 10, 2002 at 08:59:17AM +0530, Amish K. Munshi wrote:
I just noticed that the digitally signed messages from my Kmail (1.4.3) is not recognised as a valid signature. Same is the case for vice-versa. Isnt there any standard for digital signatures, and how to organizations work with different mail clients (that is if they do work with different mail clients) when their digital signatures do not work.
I don't think that it is a client problem ... are you talking about GPG signatures? I notice you have a very fresh key which has not been signed by anyone ...
Please post the error message you get about "invalid signature".
Visit http://munshi.dyndns.org/~amish/sign.txt to obtain a Public key of my digital signatute.
Slight confusion of terms here ... your public key is part of a pair - public and private. And the signature is message specific, created using your private key, which can be verified by anyone who has your public key.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (GNU/Linux)
iD8DBQE9zdKO6apqhFnXaBMRAiupAKCR8Dsa6NIin8IE93CrsVhc1M0x/ACdGlbE T9zJjC3AS0d2VgxCIF/4uao= =wMwX -----END PGP SIGNATURE-----
Here's what mutt using gpg has to say about your signature:
[-- PGP output follows (current time: Sun Nov 10 09:59:42 2002) --] gpg: Signature made Sun Nov 10 08:59:18 2002 IST using DSA key ID 59D76813 gpg: Good signature from "Amish K. Munshi amish@munshi.dyndns.org" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: F3BD 07E2 E80E 3CB2 A504 7CE3 E9AA 6A84 59D7 6813
This is after I downloaded your public key from the URL you mentioned ... but my key database says that your public key is not "signed" by anyone I trust. So there's no way for gpg running on my machine to know whether this key really belongs to you. So everytime you get a signed message from someone, ensure you have their public key with you.
To tackle this, get your gpg-key fingerprint when you come to the meet. Write it down on a piece of paper, and be sure to bring valid identification documents with you, like license or college I-Card or passport.
man gpg gpg --fingerprint
BTW, I just noticed you have three keys registered on the public key servers, while the one you advertise currently isn't listed anywhere ... I don't think that's a very good idea. If you intend to stick to one of them, remember to revoke the others.
Sameer.