15.04.2012 19:28, Camaleón kirjoitti: > On Wed, 11 Apr 2012 14:52:52 +0000, Camaleón wrote: > >> On Tue, 10 Apr 2012 14:43:51 +0000, Camaleón wrote: >> >> (...) >> >>> Anyway, I get the posts through a nntp news server (Gmane), I don't >>> know - because I've not tried- if the header information provided would >>> be enough to be able to verify the signature manually. >> >> Mmm, I tried this yesterday and it seems to be working fine from >> Thunderbird + Enigmail with no additional tweaks: signatures (both >> "inline" and "detached") are verified correctly. >> >> If Enigmail can parse and verify the signed posts I see no reason for >> gpg cannot do the same. > > (Disclaimer: newbies and soft-minded readers, please, stop reading here. > The following content can damage your mind. You've been advised) > Ignore people who say so. Your posts are usually helpful. By the way, same people told me to use PGP/MIME and when I asked how to do so they didn't say anything useful. > > As I thought, verifying PGP/MIME detached signatures can be also done from > command line with GPG. I have tried with some posts from this same mailing > list coming from users that use detached signatures and in every case it > worked fine: > > > > sm01@stt008:~/Desktop$ LANG=C gpg --keyserver-options auto-key-retrieve --keyserver pool.sks-keyservers.net --verify test.pgp test.eml > gpg: Signature made Tue Apr 10 08:41:59 2012 CEST using RSA key ID 82A46728 > gpg: Good signature from "Mika Suomalainen" > gpg: aka "Mika Suomalainen <s.mika95@gmail.com>" > gpg: aka "Mika Suomalainen <mika.henrik.mainio@hotmail.com>" > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the owner. > Primary key fingerprint: 24BC 1573 B8EE D666 D10A AA65 4DB5 3CFE 82A4 6728 > > > > sm01@stt008:~/Desktop$ LANG=C gpg --keyserver-options auto-key-retrieve --keyserver pool.sks-keyservers.net --verify test2.pgp test2.eml > gpg: Signature made Tue Apr 10 11:00:44 2012 CEST using RSA key ID 06AAAAAA > gpg: Good signature from "Jon Dowland <jmtd@debian.org>" > gpg: aka "Jon Dowland <jon@alcopop.org>" > gpg: aka "Jon Dowland <jon.dowland@ncl.ac.uk>" > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the owner. > Primary key fingerprint: E037 CB2A 1A00 61B9 4336 3C8B 0907 4096 06AA AAAA > > > > sm01@stt008:~/Desktop$ LANG=C gpg --keyserver-options auto-key-retrieve --keyserver pool.sks-keyservers.net --verify test3.pgp test3.eml > gpg: Signature made Mon Apr 9 21:46:11 2012 CEST using DSA key ID C13650B6 > gpg: Good signature from "Bob Proulx <bob@proulx.com>" > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the owner. > Primary key fingerprint: 5B98 916C E867 EC0F D45C F608 D294 5C3B C136 50B6 > > > > sm01@stt008:~/Desktop$ LANG=C gpg --keyserver-options auto-key-retrieve --keyserver pool.sks-keyservers.net --verify test4.pgp test4.eml > gpg: Signature made Thu Apr 12 11:43:58 2012 CEST using RSA key ID DEA22DE9 > gpg: Good signature from "Andrei Popescu <andreimpopescu@gmail.com>" > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the owner. > Primary key fingerprint: 4ACD 960A 2844 2952 EE06 466F 7356 B378 DEA2 2DE9 > > > The recipe is very easy and the only needed ingredients are: > > - Browsing to the mailing list archive > - Telnet to "news.gmane.org" server to get the message > - Use "gpg --verify" > > And that's all. > > If anyone is interested in the detailed steps, just ask. > > Greetings, > Thank you for testing this. I will keep this in mind whenever I have a need for this :). -- Mika Suomalainen gpg --keyserver pool.sks-keyservers.net --recv-keys 4DB53CFE82A46728 Key fingerprint = 24BC 1573 B8EE D666 D10A AA65 4DB5 3CFE 82A4 6728
Attachment:
0x82A46728.asc
Description: application/pgp-keys
Attachment:
signature.asc
Description: OpenPGP digital signature