Robert L Cochran wrote: > Todd Zullinger wrote: >> The signed message Robert sent earlier in this thread has a bad >> signature because something (most likely his mail client) word >> wrapped the message after gpg had signed it. I saved the message, >> unwrapped the one long line and verified the signature. >> > > How do I fix this -- I'm using Thunderbird on Fedora 7 on my desktop > machine. However, I travel a fair amount and when I do, I tar up my > .thunderbird directory and scp it to my laptop, which is running > Fedora 10. That lets me download and filter my email with the same > mail client, although different versions of it. Hopefully some Thunderbird users can help with that. I would have thought that the enigmail plugin would handle things or at least let you know if you had settings which might cause problems. >> FWIW, the subkey on Robert's key is still expired. This make >> encrypting to his key difficult. In gpg, this is managed separately >> from the primary key. And again, it's acceptable to extend the >> expiration date or generate a new encryption subkey. In this case, >> generating a new key has less downsides, because you don't lose any >> signatures you have acquired on your key (since those signatures are >> on the primary key, not the subkey). >> >> $ gpg --list-options show-unusable-subkeys --list-sigs C2C60518 >> pub 1024D/C2C60518 2008-01-19 [expires: 2010-02-21] >> uid Robert L. Cochran (Greenbelt) <cochranb speakeasy net> >> sig 31014A12 2008-02-14 [User ID not found] >> sig 3 C2C60518 2009-02-21 Robert L. Cochran (Greenbelt) <cochranb speakeasy net> >> sig 3 C2C60518 2008-01-19 Robert L. Cochran (Greenbelt) <cochranb speakeasy net> >> sig X CA57AD7C 2008-02-03 PGP Global Directory Verification Key >> sub 2048g/48FE9C94 2008-01-19 [expired: 2009-01-18] >> sig C2C60518 2008-01-19 Robert L. Cochran (Greenbelt) <cochranb speakeasy net> >> >> > What is an acceptable way to fix this? Is there a way to remove the PGP > Global Directory signature or update it but still keep the one from > 31014A12 -- that's the signature of someone working for NASA who met me > and signed my key. I wouldn't worry about the PGP Global Directory signatures. They don't cause any harm. I do believe you can remove your key from the PGP Global Directory and they will then stop adding signatures to your key. However, this makes your key a bit less easily found by users of PGP's products on Windows and Mac, as those products use the Global Directory as their default keyserver. What you might wish to fix is your expired subkey. Otherwise, anyone trying to encrypt something to you will have problems. You can extend the expiration on the subkey similarly to extending it on the main key. If you use the command line gpg tool, you could use: gpg --edit-key C2C60518 And then select your subkey using "key 1" at the prompt. Then use "expire" to set a new expiration. I don't use the GUI tools for gpg management, but it looks like seahorse in gnome can do this. It's the "Passwords and Encryption Keys" item on the Accessories menu. Opening it showed me my keys. Double clicking the key I wanted to change brought up the key properties. Then on the details tab there was a subkeys item. I expanded that, selected my encryption subkey, and clicked the Expire button. -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Talk is cheap because supply exceeds demand.
Description: PGP signature