Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to verify GPG key #194

Closed
mct opened this issue Mar 10, 2014 · 2 comments
Closed

Unable to verify GPG key #194

mct opened this issue Mar 10, 2014 · 2 comments

Comments

@mct
Copy link

mct commented Mar 10, 2014

When attempting to verify my GPG key, I see:

Since you've imported a public key, you have to prove you hold the private key. This gpg command signs a statement assigning your public key to your Keybase username.

echo '{"body":{"key":{"fingerprint":"c41da1a2f8befdb2869069fd41830c51027b2cd0","host":"keybase.io","key_id":"41830c51027b2cd0","uid":"7cfe7a73edf6a01e9f3108c39eac9300","username":"mct"},"type":"web_service_binding","version":1},"ctime":1394488869,"expire_in":157680000,"prev":null,"seqno":1,"tag":"signature"}' | gpg -u '41830C51027B2CD0' -a --sign

I run the requested command, and paste in the output of GPG:

-----BEGIN PGP MESSAGE-----

owGbwMvMwMXo2MwTyFStc4Hx9IGyJIZgOdP2aqWk/JRKJatqpexUMJWWmZeeWlRQ
lJlXomSllGximJJomGiUZpGUmpaSZGRhZmlgZpmWYmJoYWyQbGpoYGSeZJScYqCk
o5SRXwzSATQmKbE4VS8zHygG5MRnpgBFsagvBUuYJ6elmieaG6empJklGhimWqYZ
GxpYJBtbpiYmWxobgBUWpxblJeamAlXnJpco1eoolVQWgHjlqUnxQLmyzOTU+KTM
vBSgy4HKy1KLijPz85SsDIEqk0syQRoNjS1NTCwsgK7XUUqtKMgsSo3PBKkwNTez
MAACHaWCotQyJau80pwcHaXi1MK8fKAs0KLEdKA9xZnpeYklpUWpSrVcnUyizKzg
kIOHJdevJP5/Vn3+RQ6C7FMvHxRlcQirFEhrl7ra6GVoXCPR+jZp04myslfeyWmV
PfOWMrftmDTlwzWpFqljlWcvW78s51hds/Li867d0xR7lzvOKXk4u+fW2Xnr+U/z
3HbrbjZ7bOb2Z5PYsfSN8VMexMwpd1VnO+Uxj79s37xpM6RryrMeSS6eNHfCPvl7
s6Wm1W4Ql/VUtDr5eWLd76bboWFHbtgbf9z+rejAq8ZD1ypTtme0Hep8tTflU2np
8QN5Jz3jhIT+WZ8z6/sfaWF/XWPi7BnnjvJM/c/hfuaMmuGNN59TTsxweNR0ZnJG
2Iqnv0I23/+/Z9oWjRl7ju29dWHWpt73THEdIvWBmzTFgzzzXdnXKqzqPPBC7ZjM
mn+P9v/72PrpwfyEO1xnFiqYfe9fsLy2ojh+UUi9+Z+0lu9hKYXvZneZb/x/w8yh
beo0XmfmRz0lN/Jff1ltLj7XYfbjrbUmhoq3XOrmSy+Zb5P2aPGumw9i2wLj21cU
zlSdeH+W5/m30XOuL8uo/f/0l6yLv87p6mXLbwdzT6ll2ntOTn1WxoaPf5q2Tdq1
euuLdfWnZjYn5DyKeX65vulF3b63yjtOz7mZ9uOB1dm1N5fNWb1jqZWI7o7GCTu3
8DCLz9zH2vHT7FaqUdfjz6J1vjmhr+YcUyzMDrvcPuFp8Uu+sm0ltxmWe0/lz/4d
/yCx5anp+6cfjTY+/q487VyCjQf7Ga+VYQA=
=0uuY
-----END PGP MESSAGE-----

The website responds with:

Bad signature uploaded: Expected a signature on the payload message

As an aside, it isn't clear to me if any of the information in the JSON blob is intended to be kept confidential, such as perhaps the uid field. I'll task the risk and assume that it's okay for that information to be public. If I'm wrong, please let me know.

-mct
@maxtaco
Copy link
Contributor

maxtaco commented Mar 11, 2014

I'll take a look now. It's only public info in your JSON blob. Other users of the site are verifying that exact info from their clients. Thanks for the feedback.

@maxtaco
Copy link
Contributor

maxtaco commented Mar 11, 2014

I see, it's a version 3 signature. Thought I had this working though. More in a bit..

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mct @maxtaco