[Users] secure email providers

Ralf Mardorf kde.lists at yahoo.com
Sat Apr 2 21:48:20 UTC 2022


On Sat, 2 Apr 2022 07:37:36 -0500, John B wrote:
>I mean, good grief...GPG for Winblows is simplicity for even dolts
>like me!

I agree that GPG issues are unlikely to happen, but there are some
pitfalls that could become a PITA. For example, a kernel developer
(Mr. Wagner) signed the source of a patch with a sub-key, that isn't
included to his public key available by keyservers. I imported his key
(without the required sub-key ;) from a keyserver, hence I was unable
to verify the kernel patch signed by him. In the end I got the sub-key
by importing it via git from kernel.org.

However, the gpg output I got was misleading. The short of the key is
not equal to the sub-key.

Begin forwarded message:

Date: Mon, 21 Mar 2022 09:36:11 +0100
From: Daniel Wagner
To: Ralf Mardorf
Cc: linux-rt-users <linux-rt-users at vger.kernel.org>
Subject: Re: [ANNOUNCE] 4.19.233-rt105

Hi Ralf,

On Fri, Mar 18, 2022 at 06:42:49PM +0100, Ralf Mardorf wrote:
> >[rocketmouse at archlinux linux-rt]$ gzip -cd
> >patch-4.19.233-rt105.patch.gz | gpg2 --verify
> >patch-4.19.233-rt105.patch.sign - gpg: Signature made Fri 11 Mar 2022
> >09:10:11 CET gpg:                using EDDSA key
> >1B45744BE36280CA7D6BD460E072D068B1F5703E
> >                        ^^^^^^^^^^^^^^^^
> >                        587C5ECA5D0A306C.asc  

It's a subkey hence the file name wont match. The file name is the
finger print and not the subkey.

[...]

ps: I have very strong feelings when it comes to gpg and no they are not
the good ones.


More information about the Users mailing list