Channel: Symantec Connect - Security - Discussions

failures in Sign verification.

I need a solution

Hi,

One of our partners sends us PGP signed files. It has shared its public key with us and we have added it to our public keyrings. The key can be seen in the keyring with the "pgp --list-keys" command.

However, when I view the details of the key using "pgp --list-key-details <keyID>", I suspect the below is not correct in the key details:

 Type: RSA (v4) public key
       Size: 2048
   Validity: Invalid
      Trust: Never
    Created: 2015-12-03
    Expires: 2022-08-02
     Status: Active
     Cipher: CAST5 (Absent)
       Hash: SHA-1 (Absent)
   Compress: Zip (Absent)

      Photo: No
  Revocable: No
      Token: No
  Keyserver: Absent
    Default: No
    Wrapper: No
 Prop Flags: Absent
 Ksrv Flags: Absent
 Feat Flags: Absent
  Notations: None
      Usage: Sign user IDs
      Usage: Sign messages
      Usage: Encrypt communications
      Usage: Encrypt storage
      Usage: PGP NetShare
      Usage: PGP WDE
      Usage: PGP ZIP
      Usage: PGP Messaging

  Subkey ID: None

        ADK: None

    Revoker: None

When I verify the messages sent by the partner signed with this key, I get the below error log:

[rt6000946:/apps/bfg/shared/pgp]> ./pgp --verify /tmp/RJCT_993642151c5036949node1

/tmp/RJCT_993642151c5036949node1:verify (3042:suggested output file name ********)

/tmp/RJCT_993642151c5036949node1:verify (3177:message signed by key ID *********)

/tmp/RJCT_993642151c5036949node1:verify (3038:signing key *************)

/tmp/RJCT_993642151c5036949node1:verify (3079:signing key invalid)

/tmp/RJCT_993642151c5036949node1:verify (3040:signature created 2015-12-21T14:48:53+00:00)

/tmp/RJCT_993642151c5036949node1:verify (3170:signature hash SHA-256)

/tmp/RJCT_993642151c5036949node1:verify (3036:bad signature)

/tmp/RJCT_993642151c5036949node1:verify (0:verify complete)

However, the sender claims that he can verify these files using PGP Studio software at his end. I have deliberately hidden the key information from the above logs; however, it matches the key which the partner has provided us and which is present in our PGP public keyrings.

Could you please suggest what could be wrong in this case?

Can it be due to the preferred cipher and hash settings missing from the client's private key?
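
Added example, not part of the original post or of any PGP tooling: a small Python parser for the "<file>:verify (<code>:<message>)" status lines shown in the log above, which reports the "signing key invalid" line and the "bad signature" line as separate findings and surfaces the signature hash. The function names are hypothetical, and the code numbers are assumed to mean only what the messages beside them in the posted log say.

```python
import re

# Status-line shape seen in the log above: "<file>:verify (<code>:<message>)"
STATUS = re.compile(r"^(?P<file>.+):verify \((?P<code>\d+):(?P<msg>.*)\)$")

# Codes exactly as they appear next to their messages in the posted log (assumed stable).
KEY_INVALID, BAD_SIGNATURE, SIG_CREATED, SIG_HASH, COMPLETE = 3079, 3036, 3040, 3170, 0

# Sample input: the session from the post, masked values left as posted.
SAMPLE = """\
[rt6000946:/apps/bfg/shared/pgp]> ./pgp --verify /tmp/RJCT_993642151c5036949node1
/tmp/RJCT_993642151c5036949node1:verify (3042:suggested output file name ********)
/tmp/RJCT_993642151c5036949node1:verify (3177:message signed by key ID *********)
/tmp/RJCT_993642151c5036949node1:verify (3038:signing key *************)
/tmp/RJCT_993642151c5036949node1:verify (3079:signing key invalid)
/tmp/RJCT_993642151c5036949node1:verify (3040:signature created 2015-12-21T14:48:53+00:00)
/tmp/RJCT_993642151c5036949node1:verify (3170:signature hash SHA-256)
/tmp/RJCT_993642151c5036949node1:verify (3036:bad signature)
/tmp/RJCT_993642151c5036949node1:verify (0:verify complete)
"""

def parse_verify_log(text):
    """Return (file, code, message) for each status line; prompts and blanks are skipped."""
    events = []
    for line in text.splitlines():
        m = STATUS.match(line.strip())
        if m:
            events.append((m["file"], int(m["code"]), m["msg"]))
    return events

def triage(text):
    """Per file, report the key-validity line and the signature-check line separately."""
    report = {}
    for path, code, msg in parse_verify_log(text):
        r = report.setdefault(path, {"key_invalid": False, "bad_signature": False,
                                     "sig_hash": None, "sig_created": None, "complete": False})
        if code == KEY_INVALID:
            r["key_invalid"] = True
        elif code == BAD_SIGNATURE:
            r["bad_signature"] = True
        elif code == SIG_HASH:
            r["sig_hash"] = msg.split(" ", 2)[2]      # text after "signature hash "
        elif code == SIG_CREATED:
            r["sig_created"] = msg.split(" ", 2)[2]   # text after "signature created "
        elif code == COMPLETE:
            r["complete"] = True
    return report

if __name__ == "__main__":
    for path, findings in triage(SAMPLE).items():
        print(path, findings)
```

A file whose entry has "complete" still False had its log cut off before the final status line, so its other fields should not be read as a result.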
