Dear all, to try it you can use a general PGP key with subkeys. I Sign a file using my key that has a subkeys and it seems to be signed correctly using the correct subkey BUT if I ferify it an error appears: Signed on 2014-10-20 10:27 with unknown certificate 0x6E6CFF09AAE35EE3. The signature is invalid: System error and the 0x6E6CFF09AAE35EE3 is the correct subkey used to Sign it. Regards, Jordi
I can confirm this behavior. I'm using Kleopatra Version 2.2.0-git945878c (2014-11-25) downloaded as part of gpg4win 2.2.3 on Windows 7 64-bit. When I download https://www.torproject.org/dist/torbrowser/4.5a4/torbrowser-install-4.5a4_en-US.exe and https://www.torproject.org/dist/torbrowser/4.5a4/torbrowser-install-4.5a4_en-US.exe.asc, import the Tor Browser Developers (signing key) [0x4E2C6E8793298290], and attempt to verify it with Kleopatra, I get this message: Signed on 2015-02-25 01:55 with unknown certificate 0x5242013F02AFC851B1C736B87017ADCEF65C2036. The validity of the signature cannot be verified. When I use gpg 2.0.26 (again, obtained as part of gpg4win), I get the following output: gpg: Signature made 02/25/15 01:55:56 Central Standard Time using RSA key ID F65C2036 gpg: Good signature from "Tor Browser Developers (signing key) <torbrowser@torproject.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290 Subkey fingerprint: 5242 013F 02AF C851 B1C7 36B8 7017 ADCE F65C 2036
Git commit cf3385489036fe25e258d3f5f4cd61589a207b9f by Andre Heinecke. Committed on 28/03/2017 at 09:42. Pushed by aheinecke into branch 'master'. Improve decrypt verify result display This improves the look and information of the result status display when verifying files. The keys are now also fetched through GPGME and not over the keycache to ensure that tofu information is correct (if this is used). This also fixes a Bug because previously signings subkeys (like the one used to sign this commit) were not handled by kleopatra's sig key lookup. Although it's a bugfix it should stay in master because of the string changes. M +66 -74 src/crypto/decryptverifytask.cpp M +0 -2 src/crypto/decryptverifytask.h M +1 -2 src/uiserver/decryptverifycommandemailbase.cpp M +1 -2 src/uiserver/decryptverifycommandfilesbase.cpp https://commits.kde.org/kleopatra/cf3385489036fe25e258d3f5f4cd61589a207b9f