[kleopatra] [Bug 340144] BUG1: Verify signs signed with subkeys fails.

earthsound at gmail.com earthsound at gmail.com
Tue Mar 10 17:57:51 GMT 2015


https://bugs.kde.org/show_bug.cgi?id=340144

earthsound at gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |earthsound at gmail.com

--- Comment #1 from earthsound at gmail.com ---
I can confirm this behavior. I'm using Kleopatra Version 2.2.0-git945878c
(2014-11-25) downloaded as part of gpg4win 2.2.3 on Windows 7 64-bit.

When I download
https://www.torproject.org/dist/torbrowser/4.5a4/torbrowser-install-4.5a4_en-US.exe
and
https://www.torproject.org/dist/torbrowser/4.5a4/torbrowser-install-4.5a4_en-US.exe.asc,
import the Tor Browser Developers (signing key) [0x4E2C6E8793298290], and
attempt to verify it with Kleopatra, I get this message:

Signed on 2015-02-25 01:55 with unknown certificate
0x5242013F02AFC851B1C736B87017ADCEF65C2036.
The validity of the signature cannot be verified.

When I use gpg 2.0.26 (again, obtained as part of gpg4win), I get the following
output:

gpg: Signature made 02/25/15 01:55:56 Central Standard Time using RSA key ID
F65C2036
gpg: Good signature from "Tor Browser Developers (signing key)
<torbrowser at torproject.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
     Subkey fingerprint: 5242 013F 02AF C851 B1C7  36B8 7017 ADCE F65C 2036

-- 
You are receiving this mail because:
You are the assignee for the bug.



More information about the Kdepim-bugs mailing list