[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

gpg: BAD signature from "Sendmail Signing Key/2003 <sendmail@Sendmail.ORG>"

From: Al Sparks <data345 yahoo com>
To: Red Hat List <redhat-list redhat com>
Subject: gpg: BAD signature from "Sendmail Signing Key/2003 <sendmail@Sendmail.ORG>"
Date: Tue Mar 4 01:42:19 2003

This is driving me nuts.  But I am a newbie to gpg.

I'm running RH 7.2.  The gpg is from the standard rpm off of the CD.
Here's the output from "gpg --version":
gpg (GnuPG) 1.0.6
Copyright (C) 2001 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Home: ~/.gnupg
Supported algorithms:
Cipher: 3DES, CAST5, BLOWFISH, RIJNDAEL, RIJNDAEL192, RIJNDAEL256, TWOFISH
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG
Hash: MD5, SHA1, RIPEMD160


I went on the sendmail site, and downloaded the files:
    sendmail.8.12.8.tar
    sendmail.8.12.8.tar.gz.sig

I also downloaded sendmail.org's PGPKEYS.txt file.

I imported the keys in that file with
   $ gpg --import PGPKEYS.txt
and it seemed to work fine.  Here's the output:
    gpg: key 16F4CCE9: public key imported
    gpg: key 396F0789: public key imported
    gpg: key 678C0A03: public key imported
    gpg: key CC374F2D: public key imported
    gpg: key E35C5635: public key imported
    gpg: key A39BA655: public key imported
    gpg: key D432E19D: public key imported
    gpg: key 12D3461D: public key imported
    gpg: key BF7BA421: public key imported
    gpg: key A00E1563: non exportable signature (class 10) - skipped
    gpg: key A00E1563: public key imported
    gpg: key 22327A01: public key imported
    gpg: Total number processed: 11
    gpg:               imported: 11  (RSA: 11)

According to the instructions in sendmail.org, I'm supposed to 
    $ gunzip -c sendmail.8.12.8.tar.gz | gpg --verify sendmail.8.12.8.tar.gz.sig -
and the output is:
    gunzip: sendmail.8.12.8.tar.gz: No such file or directory
    gpg: Signature made Tue 11 Feb 2003 10:25:07 AM AKST using RSA key ID 396F0789
    gpg: BAD signature from "Sendmail Signing Key/2003 <sendmail Sendmail ORG>"


Now I notice that the latest version of gpg is 1.2.1, but I figure
if this was a big deal, RedHat would have put out an update (I checked both their 
site and rpmfind and they haven't).

I notice that it's the *.sig file that's generating this error, because if I change
the input I get the same error.

As I said before, I'm a newbie to gpg.  So there might be something obvious 
I'm missing.
  === Al

Follow-Ups:
- Re: gpg: BAD signature from "Sendmail Signing Key/2003<sendmail@Sendmail.ORG>"
  - From: Mikkel L. Ellertson

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]