From: Alexander Batischev on
On Fri, Jun 11, 2010 at 06:59:23PM +0000, Camaleón wrote:
> On Fri, 11 Jun 2010 21:37:57 +0300, Alexander Batischev wrote:
>
> > On Fri, Jun 11, 2010 at 06:21:14PM +0000, Camaleón wrote:
>
> >> In order to verify a signed message, either you have to previously
> >> import the key into your keyring or you need to set up Mutt to retrieve
> >> the key from public servers.
> >
> > I have all the keys retrieved (previously, I ran gpg --recv-keys keyID
> > every time I came across a new key; now I just set "keyserver-options
> > auto-key-retrieve" in ~/.gnupg/gpg.conf, so all new keys are retrieved
> > automatically). And it still doesn't explain why my own signature can't
> > be verified, too.
>
> Then maybe it is that you have to "explicitly" import the key and trust
> that key. Did you already do that? :-?

Well, okay, I set trust for my key to 5 (absolute) and for Boyd's to 4. Now
when I open my message, I see the following:

[-- PGP output follows (current time: Fri Jun 11 23:59:09 2010) --]
gpg: Signature made Fri Jun 11 21:37:57 2010 EEST using DSA key ID 69093C81
gpg: Good signature from "Alexander Batischev <eual.jp(a)gmail.com>"
[-- End of PGP output --]

Better than before, but mutt still claims "signature can NOT be verified"…

> Also, test it with another e-mail client (thunderbird, kmail,
> evolution...) so you can compare the results.

One reason why I don't like GUI apps as much as CLI: something might work or
might not, and in both cases you can hardly find out why. Is there another mail
client as flexible in setup as mutt, so if I see GPG working in there I could
look at how it is configured?

--
Regards,
Alexander Batischev

1024D/69093C81
F870 A381 B5F5 D2A1 1B35 4D63 A1A7 1C77 6909 3C81
From: Alexander Batischev on
I did a little more research: I used the lsign (local sign) command and signed
Andrei Popescu's key. Then I set full trust for it. After that, mutt showed me
a message like the one shown in my previous post: just two lines saying the sign is
correct. But mutt still says that the sign can not be verified! I definitely missed
something about GPG signing/web of trust/etc...

--
Regards,
Alexander Batischev

1024D/69093C81
F870 A381 B5F5 D2A1 1B35 4D63 A1A7 1C77 6909 3C81
From: Camaleón on
On Sat, 12 Jun 2010 00:09:30 +0300, Alexander Batischev wrote:

> On Fri, Jun 11, 2010 at 06:59:23PM +0000, Camaleón wrote:

>> Then maybe it is that you have to "explicitly" import the key and trust
>> that key. Did you already do that? :-?
>
> Well, okay, I set trust for my key to 5 (absolute) and for Boyd's to 4.
> Now when I open my message, I see the following:
>
> [-- PGP output follows (current time: Fri Jun 11 23:59:09 2010) --]
> gpg: Signature made Fri Jun 11 21:37:57 2010 EEST using DSA key ID
> 69093C81
> gpg: Good signature from "Alexander Batischev <eual.jp(a)gmail.com>"
> [-- End of PGP output --]

That message looks right.

> Better than before, but mutt still claims "signature can NOT be
> verified"…

Still? From where are you getting that "not verified" message? From
Mutt's pager?

Also, the message should be automatically marked with "S" (uppercase "s")
when the signature has been successfully verified. Are you seeing that
"S" in your message?

>> Also, test it with another e-mail client (thunderbird, kmail,
>> evolution...) so you can compare the results.
>
> One reason why I don't like GUI apps as much as CLI: something might work
> or might not, and in both cases you can hardly find out why. Is there
> another mail client as flexible in setup as mutt, so if I see GPG
> working in there I could look at how it is configured?

Well, what we are testing here (by using another e-mail client) is GPG
and your keyring configuration, so you better try with a GUI e-mail
client that uses the system-wide GPG and keyring setup (if you are in
GNOME, try Evolution; if using KDE try with KMail).

Thunderbird has its own plugin to manage PGP keys (via Enigmail), I guess.

Greetings,

--
Camaleón


--
To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org
Archive: http://lists.debian.org/pan.2010.06.11.21.39.57(a)gmail.com
From: Alexander Batischev on
On Fri, Jun 11, 2010 at 09:39:58PM +0000, Camaleón wrote:

<skipped>

> > Better than before, but mutt still claims "signature can NOT be
> > verified"…
>
> Still? From where are you getting that "not verified" message? From
> Mutt's pager?

Yes, mutt's pager. Message appears at the very bottom of the screen.

> Also, the message should be automatically marked with "S" (uppercase "s")
> when the signature has been successfully verified. Are you seeing that
> "S" in your message?

No, it's "s" for all signed messages.

> >> Also, test it with another e-mail client (thunderbird, kmail,
> >> evolution...) so you can compare the results.
> >
> > One reason why I don't like GUI apps as much as CLI: something might work
> > or might not, and in both cases you can hardly find out why. Is there
> > another mail client as flexible in setup as mutt, so if I see GPG
> > working in there I could look at how it is configured?
>
> Well, what we are testing here (by using another e-mail client) is GPG
> and your keyring configuration, so you better try with a GUI e-mail
> client that uses the system-wide GPG and keyring setup (if you are in
> GNOME, try Evolution; if using KDE try with KMail).
>
> Thunderbird has its own plugin to manage PGP keys (via Enigmail), I guess.

Okay, I installed Icedove and Enigmail, then sent a signed message to myself.
Icedove says that the sign is fine, mutt still claims that the sign can not be verified
(but it shows the two lines which I mentioned before, between headers and body).

So the problem is in mutt's configuration, right?

--
Regards,
Alexander Batischev

1024D/69093C81
F870 A381 B5F5 D2A1 1B35 4D63 A1A7 1C77 6909 3C81
From: Rob Owens on
On Fri, Jun 11, 2010 at 08:48:09PM +0300, Alexander Batischev wrote:
> I've been using mutt for about a month already. Almost all problems are already
> solved, I successfully moved to IMAP. It's time to get GPG signing to work.
>
> As you probably noticed, all my messages are signed. But when I open any--even
> my own!--message, mutt tells me that PGP signature can NOT be verified. What
> is more interesting, I did not have that problem before I imported my secure
> key (it was stored on desktop; now I mostly use a netbook). I mean, I had PGP
> set but I didn't have the secure key so I did not sign my messages, just verified
> others'.
>
> I did a little research on the web. It seems that the problem is pretty popular,
> and the most common answer is to set pgp_good_sign in muttrc. As I copied my
> GPG config from Mutt GnuPG HowTo[1], I already had that option set. I also
> tried to set it to the following:
>
> set pgp_good_sign="`gettext -d gnupg -s 'Good signature from "' | tr -d '"'`"
>
> which, as I could understand, is just a trick to add sender's name to GPG's
> verification message, but it didn't solve my problem. I also tried to not set
> this option, with no luck. Does anyone have any advice?
>
> My .muttrc attached.
>
>
> 1. http://codesorcery.net/old/mutt/mutt-gnupg-howto
>
I'm using Mutt and GPG, and it's working fine. I'm pretty sure all my
system config files for Mutt and GPG are untouched. Here are the
relevant GPG lines from my .muttrc. Don't ask me to explain them, they
are copy-and-pasted from some website somewhere (by the way, I remember
having a lot of trouble finding a website that had accurate information
on how to do this).

# GPG / PGP rules

set pgp_encrypt_only_command="/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt-to 70952D9D --encrypt --textmode --armor --always-trust -- -r %r -- %f"

set pgp_encrypt_sign_command="/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt-to 70952D9D --encrypt --sign %?a?-u %a? --armor --always-trust -- -r %r -- %f"

# no encryption or signature by default:
send-hook . 'set pgp_autosign=no; set pgp_autoencrypt=no'

# always encrypt and sign to some recipients:
send-hook '~t "(user(a)domain.com|user2(a)domain.com|otheruser(a)domain.net)"' 'set pgp_autosign=yes; set pgp_autoencrypt=yes'


For GUIs, I like seahorse and thunderbird's enigmail GUI (even if you're
not using thunderbird/icedove for email, the GPG GUI is helpful).

If this problem started when you imported your private key, then maybe
that was not done correctly. Is there a step that needs to be taken
besides simply importing? (I don't know the answer to that).

Maybe you should take this outside of Mutt and see what happens. Can
you sign a file and then verify its signature? You might at least get
more helpful error messages this way.

-Rob
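
Added example (not from any poster in this thread, and not Mutt's own code): a small Python model of the check the Mutt manual describes for pgp_good_sign, where a signature is only considered verified if the output of the verify command matches that pattern. The function name, the exit-status rule and every sample output other than the two gpg lines quoted in the thread are assumptions made for illustration.

```python
import re

# Constructed verify-command outputs. The first reuses the two gpg lines quoted
# in the thread; the other two are made-up stand-ins for illustration.
HUMAN_ENGLISH = (
    'gpg: Signature made Fri Jun 11 21:37:57 2010 EEST using DSA key ID 69093C81\n'
    'gpg: Good signature from "Alexander Batischev <eual.jp(a)gmail.com>"\n'
)
HUMAN_LOCALIZED = (  # stand-in for gpg running under a non-English locale
    'gpg: Korrekte Signatur von "Alexander Batischev <eual.jp(a)gmail.com>"\n'
)
WITH_STATUS_FD = (  # localized text plus a machine-readable line (gpg --status-fd)
    '[GNUPG:] GOODSIG A1A71C7769093C81 Alexander Batischev <eual.jp(a)gmail.com>\n'
    + HUMAN_LOCALIZED
)

# Two candidate values for pgp_good_sign.
TEXT_PATTERN = 'Good signature from'      # human-readable text, locale-dependent
STATUS_PATTERN = r'^\[GNUPG:\] GOODSIG'   # only present if the command uses --status-fd


def considered_verified(output, exit_status, good_sign):
    """Hypothetical model of the decision: the verify command must exit 0
    (assumption) and, if a pattern is set, some output line must match it."""
    if exit_status != 0:
        return False
    if not good_sign:
        return True
    rx = re.compile(good_sign)
    return any(rx.search(line) for line in output.splitlines())


def matrix():
    """Evaluate every sample output against both patterns (exit status 0)."""
    outputs = {'english': HUMAN_ENGLISH, 'localized': HUMAN_LOCALIZED,
               'status-fd': WITH_STATUS_FD}
    patterns = {'text': TEXT_PATTERN, 'status': STATUS_PATTERN}
    return {(o, p): considered_verified(text, 0, rx)
            for o, text in outputs.items() for p, rx in patterns.items()}


if __name__ == '__main__':
    for (out_name, pat_name), ok in sorted(matrix().items()):
        print(f'{out_name:10s} {pat_name:7s} -> {"verified" if ok else "NOT verified"}')
```

The pattern and the verify command have to agree: a status-line pattern never matches plain human-readable output, and an English text pattern never matches localized output, even though gpg itself reported a good signature in both cases.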

