cr-gpg doesn't handle signature.asc attachment properly

[dustinkirkland]

I've also tried to use cr-gpg to verify detached signatures. I'm getting the following message in a popup:

gpg: no valid OpenPGP data found.
gpg: the signature could not be verified.
Please remember that the signature file (.sig or .asc)
should be the first file given on the command line.

There is only one signature, signature.asc. It is valid. I do have the necessary public key in my local keyring. Can anyone else confirm that detached signature.asc files can be verified?

[RC1140]

Hey Dustin

The detached sigs do not verify and I will see what we can do to get this working for now we can only verify whats in a mail message which is inline sigs. I saw your other issue that you logged , can you forward me a copy that does not verify

[dustinkirkland]

Ah, okay, thanks! I'll keep watching this issue here, as I'd love to see this working! Thanks so much!

[RC1140]

Hi
The code to handle detached signatures has been added to the repo , after we have tested this a bit in private beta it will be rolled into the next release.

[dustinkirkland]

Great! Is there a package available? If so, I'll be glad to test it and
give feedback here. What version number am I looking for?
On Feb 6, 2012 3:03 AM, "Jameel Haffejee" <
reply@reply.github.com>
wrote:

Hi
The code to handle detached signatures has been added to the repo , after
we have tested this a bit in private beta it will be rolled into the next
release.

---

Reply to this email directly or view it on GitHub:
#9 (comment)

[RC1140]

I have not yet made a release yet , what OS + 32/64 are you using ,I will make a build and let you know as soon as its uploaded.

[dustinkirkland]

64-bit Ubuntu 11.10. Thanks!

[dustinkirkland]

Hi Jameel, any progress on that package? Thanks!

[RC1140]

Hi dustin sorry for the delay , you can grab the package from here.

https://github.com/downloads/RC1140/cr-gpg/cr-gpg-0.7.8-Beta1.crx

[dustinkirkland]

Hmm, well, bad news, Jameel... The 'verify signature' button doesn't
work at all any more. Before, it could check inline signatures, but
not detached ones. Now, it's not able to check either. Sorry.

[RC1140]

Hi Dustin
Hope you dont mind me asking a couple of question.

1. Did any of the other functions work.
2. What was your process for signing a file.
3. Was the message you were verifying copy and pasted into the email.
4. When you say it did not work , did it not verify when it should have or did nothing happen at all.

[dustinkirkland]

On Mon, Feb 13, 2012 at 1:14 PM, Jameel Haffejee
reply@reply.github.com
wrote:

Hi Dustin
Hope you dont mind me asking a couple of question.

Not at all :-)

1. Did any of the other functions work.

Encryption, decryption, and signing seemed to work fine.

1. What was your process for signing a file.

Signing worked fine. I was trying to verify other signatures from my
email archive by clicking the "check" box.

1. Was the message you were verifying copy and pasted into the email.

No, I just dug through my gmail history for signed messages.

1. When you say it did not work , did it not verify when it should have or did nothing happen at all.

Nothing at all would happen when I clicked the verify signature check button.

Note that I've downgraded to 0.7.8 and it's back to working again (ie,
I am able to verify inline sigatures, but not detached ones).

[RC1140]

Hi

For 2.) I wanted to know how you generated the .sig files , i.e is there a specific app i can test with so that I get similar results to you.

[dustinkirkland]

On Mon, Feb 13, 2012 at 1:37 PM, Jameel Haffejee
reply@reply.github.com
wrote:

Hi

For 2.) I wanted to know how you generated the .sig files , i.e is there a specific app i can test with so that I get similar results to you.

Those are not mine. They were generated by people emailing me.

Judging by the individuals sending me those emails, I would guess:

• mutt
• thunderbird
• evolution

The file is usually called "signature.asc".

:-Dustin

[RC1140]

Cool my tests have primarily revolved around using the gpg binary with the detached signature option. Will let you know if there is more info I need as I test more.

[dustinkirkland]

Thanks!