[kleopatra] [Bug 507556] New: Signature verification cannot find any valid PGP data, but command gpg.exe can

Douglas Silva bugzilla_noreply at kde.org
Sun Jul 27 21:54:33 BST 2025 

https://bugs.kde.org/show_bug.cgi?id=507556

            Bug ID: 507556
           Summary: Signature verification cannot find any valid PGP data,
                    but command gpg.exe can
    Classification: Applications
           Product: kleopatra
      Version First gpg4win 4.4.1
       Reported In:
          Platform: Other
                OS: Microsoft Windows
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: general
          Assignee: kloecker at kde.org
          Reporter: doug.hs at protonmail.ch
                CC: aheinecke at gnupg.org, kdepim-bugs at kde.org, mutz at kde.org
  Target Milestone: ---

Created attachment 183571
  --> https://bugs.kde.org/attachment.cgi?id=183571&action=edit
Screenshot of Kleopatra

SUMMARY
Kleopatra fails to locate any valid PGP data in the signature file, while the
command-line gpg.exe can.

STEPS TO REPRODUCE
1. Download the Syncthing signed checksum file¹ and the Windows zip file ².
2. With both downloaded files in the same folder, double-click the signature
file to open with Kleopatra.

1.
https://github.com/syncthing/syncthing/releases/download/v1.30.0/sha256sum.txt.asc
2.
https://github.com/syncthing/syncthing/releases/download/v1.30.0/syncthing-windows-amd64-v1.30.0.zip

OBSERVED RESULT
```
sha256sum.txt.asc -> sha256sum.txt: Verification failed: No data.
gpg: nenhum dado OpenPGP válido encontrado.
```
Translated: "no valid OpenPGP data found"

EXPECTED RESULT
Open up a powershell terminal and `cd` to the Downloads folder.
Run `gpg.exe --verify .\sha256sum.txt.asc`

Full output:
```
> gpg.exe --verify .\sha256sum.txt.asc
gpg: nenhum dado OpenPGP válido encontrado.
gpg: Assinatura feita em 07/01/25 08:26:47 E. South America Standard Time
gpg:        usando a chave RSA de FBA2E162F2F44657B38F0309E5665F9BD5970C47
gpg: Assinatura válida de "Syncthing Release Management
<release at syncthing.net>" [desconhecido]
gpg: AVISO: Esta chave não está certificada com uma assinatura confiável!
gpg:          Não há indicação que a assinatura pertença ao dono.
Impressão digital da chave principal: FBA2 E162 F2F4 4657 B38F  0309 E566 5F9B
D597 0C47
gpg: Assinatura feita em 07/01/25 08:26:47 E. South America Standard Time
gpg:        usando a chave RSA de 37C84554E7E0A261E4F76E1ED26E6ED000654A3E
gpg: Assinatura válida de "Syncthing Release Management
<release at syncthing.net>" [desconhecido]
gpg: AVISO: Esta chave não está certificada com uma assinatura confiável!
gpg:          Não há indicação que a assinatura pertença ao dono.
Impressão digital da chave principal: 37C8 4554 E7E0 A261 E4F7  6E1E D26E 6ED0
0065 4A3E
```

Translation: "gpg: Valid signature from Syncthing Release Management..."

SOFTWARE/OS VERSIONS
Edition Windows 11 Pro
Version 24H2
Installed on    ‎05/‎05/‎2025
OS build        26100.4652
Experience      Windows Feature Experience Pack 1000.26100.128.0


ADDITIONAL INFORMATION

-- 
You are receiving this mail because:
You are on the CC list for the bug.

More information about the Kdepim-bugs mailing list