warrant canary fails signature verification
Open source disk encryption with strong security for the Paranoid
Brought to you by:
idrassi
Menu
▾
▴
When trying to verify the warrant canary I get the following message.
BAD signature from:
VeraCrypt Team veracrypt@idrix.fr
Key id: EB559C7C54DDD393
The file is corrupted
If this is an error please fix it.
https://www.idrix.fr/VeraCrypt/canary.txt
Came to post the same. Canary fails verification.
Please update, if error.
gpg: 10/28/17 05:37:26 Eastern Daylight Timeに施された署名
gpg: RSA鍵EB559C7C54DDD393を使用
gpg: "VeraCrypt Team veracrypt@idrix.fr"からの不正な署名 [充分]
("Invalid Signature")
Last edit: lurkios 2017-11-01
Sorry, I do not know, what the both of you are doing, but everything is perfectly correct with the warrant canary. So no warning about any breech or so. I tested it on Oct. 30th and the signature was good. Please check Your method or the public key of yours.
Regards
Andreas
For any wondering, the signature continues to show invalid.
Additionally, I see project leaders have replied to several posts both before and after this - but no word here.
Last edit: lurkios 2017-11-05
Sorry lurkios,
in first place I'd like to know what project leaders You are talking about. I this thread 142 readers think, that the canary is not broken; only two persons think it is. I was the only one informing You about Your mistake.
Second: I definitely have a correct and proven public key needed for the verification and it worked for years. I doubt that there is any possible operation to make a verification look positive even though the object is broken. On the other hand there are many possibilities to fail in verification even though the object is not broken. I hope this makes it clear an finishes any further fruitless discussion.
Regards
Andreas
Despite the oddly strong objections of a single party, the verification continues to fail.
For short: the canary is valid. More than 200 readers are convinced, only 2 persons have problems in proving the validity.
Explanation: There are many. many possibilities to produce a false negative, but no known possibility to gain a false positive.
In case You have problems with the verification procedure, I advise You to search for support at the gpg forum. Here is not not the place for gpg problems. On gpg forum we might spot Your problem.
Regards
Andreas
Hi, when verifying the warrant canary signature, please save the canary.txt file and check it from your hard drive. Result should be good.
If you manually copy the canary contents in order to verify it, the presence of special characters may alter it in a way that makes it fail the signature verification (I suspect the error comes from the following line: "Former Guatemala leader Otto Pérez Molina to face trial").
Last edit: Homer Simpson 2017-11-16
You are perfectly right. I assumed it to be a well known fact and often made mistake to copy a signed document for verification. Often there are additional format informations - like HTML in this case - that prevent the verification process from being successful. Thanks for Your clarification once more.
Andreas