
[james@nocrew.org: Problems with GnuPG and being unable to verify signatures or import some keys]



This is merely a forward to get this into the web archive (I hope).

Anand

----- Forwarded message from James Troup <james@nocrew.org> -----

Date:	04 Sep 2000 07:57:37 +0100
From:	James Troup <james@nocrew.org>
Subject: Problems with GnuPG and being unable to verify signatures or import some keys
To:	debian-newmaint-admin@lists.debian.org
Mail-Copies-To:	never
User-Agent: Gnus/5.0803 (Gnus v5.8.3) Emacs/20.7
X-Mailing-List:	<debian-newmaint-admin@lists.debian.org> archive/latest/75

Hi,

Unfortunately due to a bug in GnuPG with ElGamal key handling there is
now a nasty compatibility problem.

The confusing version is: ElG keys created using GnuPG <= 1.0.1 may
erroneously generate BAD signatures, if checked with GnuPG >= 1.0.2.
And vice versa, ElG keys created using GnuPG >= 1.0.2 may erroneously
generate BAD signatures if checked with GnuPG <= 1.0.1.

The non-confusing version: all AMs should upgrade to GnuPG 1.0.2 (it's
in woody but it doesn't have any nasty dependencies and is perfectly
safe to install onto a potato system); if you have problems verifying
signatures from an applicant, try adding "--emulate-md-encode-bug" to
the command line.  If this fixes it, your applicant has a buggy ElG
key.  Get him to install GnuPG 1.0.2 and generate another one.  (If he
needs the old one for verification purposes, simply include both of
them in the report to da-manager@)

HTH and/or made some sense.

-- 
James



----- End forwarded message -----


