Hi,
One of our partner sends us the PGP signed files. it has shared its public key with us and we have added it in out public keyrings. the key can be seen by "pgp --list-keys"commnad in the keyring.
however when I see the details of the key using "pgp --list-key-details <keyID>", I suspect below is not correct with the key details:
Type: RSA (v4) public key
Size: 2048
Validity: Invalid
Trust: Never
Created: 2015-12-03
Expires: 2022-08-02
Status: Active
Cipher: CAST5 (Absent)
Hash: SHA-1 (Absent)
Compress: Zip (Absent)
Photo: No
Revocable: No
Token: No
Keyserver: Absent
Default: No
Wrapper: No
Prop Flags: Absent
Ksrv Flags: Absent
Feat Flags: Absent
Notations: None
Usage: Sign user IDs
Usage: Sign messages
Usage: Encrypt communications
Usage: Encrypt storage
Usage: PGP NetShare
Usage: PGP WDE
Usage: PGP ZIP
Usage: PGP Messaging
Subkey ID: None
ADK: None
Revoker: None
when I verify the messages sent by the partner signed with this key, I get below error log:
[rt6000946:/apps/bfg/shared/pgp]> ./pgp --verify /tmp/RJCT_993642151c5036949node1
/tmp/RJCT_993642151c5036949node1:verify (3042:suggested output file name ********)
/tmp/RJCT_993642151c5036949node1:verify (3177:message signed by key ID *********)
/tmp/RJCT_993642151c5036949node1:verify (3038:signing key *************)
/tmp/RJCT_993642151c5036949node1:verify (3079:signing key invalid)
/tmp/RJCT_993642151c5036949node1:verify (3040:signature created 2015-12-21T14:48:53+00:00)
/tmp/RJCT_993642151c5036949node1:verify (3170:signature hash SHA-256)
/tmp/RJCT_993642151c5036949node1:verify (3036:bad signature)
/tmp/RJCT_993642151c5036949node1:verify (0:verify complete)
However the sender claims that he can verify these files usign PGP Studio software at his end. I have hidden the key information from the above logs deliberately, however it matches with the key which partner has provided us and is present in our PGP public keyrings.
Could you please suggest, what could be wrong in this case.
Can it be due to preffered cipher and hash setting missing from the client's private key?