On Wed, Oct 16, 2002 at 11:59:44AM -0500, David wrote:
> In an attempt to learn more about the workings of gpg, I've been trying
> to verify emails from the command line.
>
> These signatures are not signed, but mutt reports a good signature, but,
> of course, warning that they are not signed..
>
> When I try to verify a saved message - one which has been reported as
> "good" from Mutt, gpg returns a "BAD" signature.
That's probably because the mail is encoded in e.g. quoted-printable.
When you save an attachment from mutt, mutt de-codes it first (so you
end up with plain text).
From mutt, try to (C)opy the message to /tmp/somefile, and look at it
there. You'll probably see things like "--=20" at the beginning of the
signature.
The authoritative source is probably rfc2015:
http://www.faqs.org/rfcs/rfc2015.html
which I believe mutt follows. It's quite a good read.
--
Karl E. Jørgensen
karl@jorgensen.com
www.karl.jorgensen.com
==== Today's fortune:
Economics is extremely useful as a form of employment for economists.
-- John Kenneth Galbraith
Attachment:
pgpjGi6FlUn16.pgp
Description: PGP signature