Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

What does that mean: PGP Signed by an unmatched address

379 views
Skip to first unread message

Bert Bormann

unread,
Oct 13, 2010, 5:05:13 PM10/13/10
to
Hello Group,

today I installed for a new user the current PGP 10 on a Win XP Pro SP3
with Lotus Notes.
Then we created a new pair of keys - all is perfect and working good.

The user sent an e-mail to another PGP-user encrypted by his key. The
decrypted message contained the following line:
<cite>
* PGP Signed by an unmatched address: 13.10.2010 at 17:42:25, Decrypted
</cite>

Anybody knows what's the reason of this?

Thanks and regards
Bert

1PW

unread,
Oct 13, 2010, 5:23:59 PM10/13/10
to

http://preview.tinyurl.com/3xa2pan

HTH

--
1PW

David W. Hodgins

unread,
Oct 13, 2010, 7:31:05 PM10/13/10
to
On Wed, 13 Oct 2010 17:05:13 -0400, Bert Bormann <news03.2...@spamgourmet.com> wrote:

> The user sent an e-mail to another PGP-user encrypted by his key. The
> decrypted message contained the following line:
> <cite>
> * PGP Signed by an unmatched address: 13.10.2010 at 17:42:25, Decrypted
> </cite>

http://forum.pgp.com/t5/PGP-Desktop-for-Windows/PGP-9-7-sending-signed-or-encrypted-mails-message/m-p/20408

The email address in the key, is not the same as the email
address in the "From:" header, in the received message.

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)

Jorgen Grahn

unread,
Oct 14, 2010, 7:07:09 AM10/14/10
to
On Wed, 2010-10-13, David W. Hodgins wrote:
> On Wed, 13 Oct 2010 17:05:13 -0400, Bert Bormann <news03.2...@spamgourmet.com> wrote:
>
>> The user sent an e-mail to another PGP-user encrypted by his key. The
>> decrypted message contained the following line:
>> <cite>
>> * PGP Signed by an unmatched address: 13.10.2010 at 17:42:25, Decrypted
>> </cite>
>
> http://forum.pgp.com/t5/PGP-Desktop-for-Windows/PGP-9-7-sending-signed-or-encrypted-mails-message/m-p/20408
>
> The email address in the key, is not the same as the email
> address in the "From:" header, in the received message.

Hm, it seems to me that the warning message could have said that, and
Bert wouldn't have had to ask. The grammar seems to be slightly off in
the warning message, too -- as if it was written in some other
language and translated.

Is there a reason that timestamp is highlighted rather than e.g. the
mismatching "addresses"?

I'm not sure I would trust that software. There's some fuzzy thinking
going on there ...

/Jorgen

--
// Jorgen Grahn <grahn@ Oo o. . .
\X/ snipabacken.se> O o .

David W. Hodgins

unread,
Oct 16, 2010, 2:56:49 AM10/16/10
to
On Thu, 14 Oct 2010 07:07:09 -0400, Jorgen Grahn <grahn...@snipabacken.se> wrote:

> On Wed, 2010-10-13, David W. Hodgins wrote:
>> http://forum.pgp.com/t5/PGP-Desktop-for-Windows/PGP-9-7-sending-signed-or-encrypted-mails-message/m-p/20408
>> The email address in the key, is not the same as the email
>> address in the "From:" header, in the received message.

> Hm, it seems to me that the warning message could have said that, and

Agreed. I've never seen the message. While it was the first result in
a google search, that gave the answer, the message should be clearer.

> Bert wouldn't have had to ask. The grammar seems to be slightly off in
> the warning message, too -- as if it was written in some other

> language and translated from another language.

I think you're correct, that it was translated.

> Is there a reason that timestamp is highlighted rather than e.g. the
> mismatching "addresses"?

Don't know. I use gpg (I use linux), which, as far as I know, doesn't
have this message.

> I'm not sure I would trust that software. There's some fuzzy thinking
> going on there ...

Like gpg, pgp has always been open source, so you can inspect it yourself,
(like many security experts have), to see if there are any back doors.

Bert Bormann

unread,
Oct 18, 2010, 12:36:47 PM10/18/10
to
Bert Bormann wrote:
> Hello Group,

Thanks for your answers.
>
[...]

> <cite>
> * PGP Signed by an unmatched address: 13.10.2010 at 17:42:25, Decrypted
> </cite>
>

I found, that in the data field "sender" stands only the e-mail address
<forname....@domain.com>.
I suppose, that PGP expects to find "Forname Lastname
<forname....@domain.com>" like it is listed in the PGP keys list too.
We will try to change this in the configuration.

JWL

unread,
Mar 20, 2011, 4:56:58 AM3/20/11
to
It might mean that no e-mail address is on the sender's key.

I was given that option, and I consider it correct; so correct that I
added three e-mail addresses to mine, with "void" as the real name.
That allows people to sign my e-mail address, without signing my photo
or my given and family names.

It might mean that no e-mail address is on the sender's key.


David W. Hodgins

unread,
Mar 21, 2011, 2:50:30 PM3/21/11
to
On Sun, 20 Mar 2011 04:56:58 -0400, JWL <brew...@freenet.edmonton.ab.ca> wrote:

> It might mean that no e-mail address is on the sender's key.

The message means the message has a From: address that is not on
the key used to sign the message.

0 new messages