Open offby1 opened 10 years ago
It appears we're not handling detached signatures properly. I'm not entirely sure how it would work U/I-wise, since you've only pasted in half of the needed data. For a detached signature, you also need to paste in the original file that the signature is computer over.
Sorry, I was afraid that would happen -- I only pasted the signature here in this bug report, but I pasted the entire email into keybase right before I got the unexpected message. I've updated my comment above with the complete message.
This might be related to #134.
I just received a PGP-signed message via gmail, and decided to paste it into keybase to verify it. I expected the verification to fail with a message to the effect of "this signature looks good, but it's from some random stranger that we can't vouch for", because the sender is indeed someone I've never tracked, or anything.
Anyway: here is what I did, and what I saw.
I grabbed the contents of the message from gmail by clicking the little dropdown in the upper-right, and choosing "show original". That took me to this URL (which of course will be a big fat 404 for you, since you're not me, but I'm including it for completeness): https://mail.google.com/mail/u/0/?ui=2&ik=f230ce0fde&view=om&th=14571740989ed74b
The message is your average multi-part MIME message with tons of headers; way down at the bottom there is what looks to me like a perfectly valid PGP signature block:
Anyway: I pasted the entire message into the big box at https://keybase.io/verify, and clicked the "Verify" button. But instead of seeing the message I expected, I simply saw
Error: Unknown message type: SIGNATURE
, which makes no sense to me at all.