Comment 15 for bug 612754

Benji York (benji) wrote : Re: [Bug 612754] Re: Submit Request Failure: Signature couldn't be verified: (7, 8, u'Bad signature') - with email signed and sent from sup-mail

The timestamp checking is only used for email to bugs that include
commands. The timestamp checking also generates error messages that
describe exactly why the mail was rejected.

I tried to check the message in review_failure.txt by hand with no luck.
I put the signature in one file and the content of the MIME section
containing the message itself in another file. At first GPG complained
that it couldn't find the public key:

gpg: Signature made Thu 29 Jul 2010 10:59:29 PM EDT using DSA key ID ECF7A558
gpg: Can't check signature: public key not found

...so I added the key:

gpg --search-keys ECF7A558
gpg: searching for "ECF7A558" from hkp server keys.gnupg.net
(1) Mathias Gug <email address hidden>
        Mathias Gug <email address hidden>
        Mathias Gug <email address hidden>
        Mathias Gug <email address hidden>
        Mathias Gug (Ubuntu key) <email address hidden>
        Mathias Gug (Ubuntu key) <email address hidden>
        Mathias Gug (Ubuntu key) <email address hidden>
        Mathias Gug (Ubuntu key) <email address hidden>
          1024 bit DSA key ECF7A558, created: 2007-05-21
Keys 1-1 of 1 for "ECF7A558". Enter number(s), N)ext, or Q)uit > 1
gpg: requesting key ECF7A558 from hkp server keys.gnupg.net
gpg: key ECF7A558: public key "Mathias Gug <email address hidden>" imported
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: Total number processed: 1
gpg: imported: 1

...and tried again:

gpg: Signature made Thu 29 Jul 2010 10:59:29 PM EDT using DSA key ID ECF7A558
gpg: BAD signature from "Mathias Gug <email address hidden>"

I couldn't get GPG to validate the signature with any amount of fiddling
with the message (removing leading/trailing newlines, including or
removing the headers, including or removing the Multipart MIME
separator, etc.).

It would be helpful if one of the people experiencing this problem would
clearsign a small text file with the same key they normally use and
attach it to this bug. Like so:

gpg --clearsign message

(The signed file will be message.asc.)

It would also be informative if you can sign an email message in the
same way as above and paste it into the body of an email to one of the
destinations that is having the problem. Be careful not to sign the
email a second time with your mail client.

By way of a small test I've signed this message in the way described
above and emailed it to Launchpad.
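An added example, not part of the original comment or of Launchpad's code: one way to cut the two files for a by-hand check out of a raw message, assuming the mail is PGP/MIME (multipart/signed, RFC 3156). Under that assumption the signature covers the first part including its own MIME headers, with CRLF line endings and without the line break that precedes the boundary. The sample message and the name split_signed are constructed for illustration.

```python
import email
import re

# Constructed sample: a minimal multipart/signed message as it might sit in a
# local mailbox with LF line endings. The signature body is a placeholder.
SAMPLE = b"""\
From: someone@example.org
Subject: test
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="b1"; micalg=pgp-sha1;
 protocol="application/pgp-signature"

--b1
Content-Type: text/plain; charset=us-ascii

hello

--b1
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
(placeholder)
-----END PGP SIGNATURE-----
--b1--
"""


def split_signed(raw: bytes):
    """Return (signed_bytes, signature_bytes) for a multipart/signed message."""
    msg = email.message_from_bytes(raw)
    if msg.get_content_type() != "multipart/signed":
        raise ValueError("not a multipart/signed message")
    boundary = msg.get_boundary().encode("ascii")
    # Normalise every line ending to CRLF, the form the signature is made over.
    data = re.sub(rb"\r?\n", b"\r\n", raw)
    # The CRLF before each "--boundary" belongs to the delimiter, not the part.
    delim = rb"\r\n--" + re.escape(boundary) + rb"(?:--)?[ \t]*(?:\r\n|$)"
    parts = re.split(delim, data)
    if len(parts) < 3:
        raise ValueError("expected a signed part and a signature part")
    signed, sig_part = parts[1], parts[2]
    # The signed part keeps its MIME headers; the signature part drops them.
    signature = sig_part.split(b"\r\n\r\n", 1)[1]
    return signed, signature
```

Write the two values to files in binary mode (for example signed.bin and sig.asc) and check them with `gpg --verify sig.asc signed.bin`.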