From lurker-index@localhost Fri Sep 23 08:06:19 2016
Return-Path: <owner-mutt-users-M24771@mutt.org>
Received: from lin16.mojsite.com (178.218.164.164:993) by g0n.xdwgrp with
  IMAP4-SSL; 23 Sep 2016 06:06:19 -0000
Envelope-to: miro.rovis@croatiafidelis.hr
Delivery-date: Thu, 22 Sep 2016 11:27:51 +0200
Received: from shtjevan.gbnet.net ([194.70.142.36]:34318 helo=gbnet.net)
	by lin16.mojsite.com with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)
	(Exim 4.87)
	(envelope-from <owner-mutt-users-M24771@mutt.org>)
	id 1bn0ID-0002c6-O8
	for miro.rovis@croatiafidelis.hr; Thu, 22 Sep 2016 11:27:45 +0200
Received: (qmail 20218 invoked by uid 611); 22 Sep 2016 09:24:45 -0000
Received: (qmail 18799 invoked from network); 22 Sep 2016 09:22:39 -0000
Received: from davin.gbnet.net (194.70.142.37)
  by shtjevan.gbnet.net with ESMTPS (DHE-RSA-AES256-SHA encrypted); 22 Sep 2016 09:22:39 -0000
Received: (qmail 26217 invoked from network); 22 Sep 2016 09:08:50 -0000
Received: from mail-1.fido.net (84.246.192.5)
  by davin.gbnet.net with ESMTPS (DHE-RSA-AES256-SHA encrypted); 22 Sep 2016 09:08:50 -0000
Received: from infra.glanzmann.de ([88.198.249.254])
	by mail-1.fido.net with esmtps (TLSv1.2:ECDHE-RSA-AES256-SHA:256)
	(Exim 4.86)
	(envelope-from <thomas@glanzmann.de>)
	id 1bmzzr-00023a-0J
	for mutt-users@mutt.org; Thu, 22 Sep 2016 10:08:49 +0100
Received: by infra.glanzmann.de (Postfix, from userid 1000)
	id 815A527D0C39; Thu, 22 Sep 2016 11:08:44 +0200 (CEST)
Date: Thu, 22 Sep 2016 11:08:44 +0200
From: Thomas Glanzmann <thomas@glanzmann.de>
To: Mutt Users <mutt-users@mutt.org>
Subject: Re: PGP sigs fail verification
Message-ID: <20160922090844.GC12629@glanzmann.de>
Mail-Followup-To: Mutt Users <mutt-users@mutt.org>
References: <20160919141105.GF31779@g0n.xdwgrp>
 <20160919145833.uqsypbawzolll3ro@darac.org.uk>
 <20160919202536.GA31772@g0n.xdwgrp>
 <20160919225636.3870.1E81EEA4@matica.foolinux.mooo.com>
 <20160921024026.3334.07EDFD85@matica.foolinux.mooo.com>
 <20160921060257.GB29391@minitel.priv.enst-bretagne.fr>
 <20160921065025.6939.1A051757@matica.foolinux.mooo.com>
 <20160921191202.GB18462@lovelace.schplaf>
 <20160921193520.GA20438@x2.esmtp.org>
 <20160921195336.GD18462@lovelace.schplaf>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="OwLcNYc0lM97+oe1"
Content-Disposition: inline
In-Reply-To: <20160921195336.GD18462@lovelace.schplaf>
User-Agent: Mutt/1.7.0 (2016-08-17)
Received-SPF: pass (mail-1.fido.net: domain of glanzmann.de designates 88.198.249.254 as permitted sender) client-ip=88.198.249.254; envelope-from=thomas@glanzmann.de; helo=infra.glanzmann.de;
X-SPF-Result: mail-1.fido.net: domain of glanzmann.de designates 88.198.249.254 as permitted sender
X-Filter-ID: s0sct1PQhAABKnZB5plbIUZfs1/bqjmEAgqjle5UxOkf/s6GI7oMfIoxPsvys7w1x1wTMkEUUoeb
 KIhkyzl2dMyHM/lQINdtG8vrH1tD/1GHchG7UCGe+hbk6hFMPZaz+PGff+YzYL5j20ags2UEhvQ3
 aVvVbHgSqYpWl2k8PuWlf9FHzkAWuSdBA6ZpRK+22EpgsNVL5BgQIkhMwiP8i8Ai6X7rMezypCGq
 wF2/hOsTZZvWG477vbG9WUVlK84K7lDwqaQOWRlSg/1m7nfKVSeZ7vQqiw2+Ng8fcUHlhO+8Ksk+
 aedMfNWSnJswrtlNphw+9yLPRnj8MoMncKDE3aVrGDz6PnwUs7/50x+FT2mE2Fy427Aqdw9b+hnB
 VDzn4x7VJsG1z7fwBj6TyuxmwWYzx2Zgyhf3OXiddZgacWcqisd0GE7I1qIKXMSYcetTUZ3ArJZr
 8KAmKMKm2/6jAJxR5cqw1hyurD74/Y2jaauzHfq9G+e73agzxG1MsCE16J1fhOzjF0b4LXcjJZ5l
 oohsN4BKV+zjdY/nbor+5wdxTI5cnz3CwDo6ZaB1y7cr
X-Report-Abuse-To: spam@master.fido.net
Authentication-Results: fido.net; spf=pass smtp.mailfrom=thomas@glanzmann.de
X-FidoGuard-Class: ham
X-FidoGuard-Evidence: Combined (0.03)
X-Recommended-Action: accept
List-Post: <mailto:mutt-users@mutt.org>
List-Unsubscribe: send mail to majordomo@mutt.org, body only "unsubscribe mutt-users"
Precedence: bulk
Sender: owner-mutt-users@mutt.org
X-PlusHosting-MailScanner-Information: Please contact the ISP for more information
X-PlusHosting-MailScanner-ID: 1bn0ID-0002c6-O8
X-PlusHosting-MailScanner: Found to be clean
X-PlusHosting-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
	score=-6.299, required 5, autolearn=not spam, BAYES_00 -5.00,
	HEADER_FROM_DIFFERENT_DOMAINS 0.00, KAM_LAZY_DOMAIN_SECURITY 1.00,
	RCVD_IN_DNSWL_MED -2.30)
X-PlusHosting-MailScanner-From: owner-mutt-users-m24771@mutt.org
X-Spam-Status: No
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=


--OwLcNYc0lM97+oe1
Content-Type: multipart/mixed; boundary="5vNYLRcllDrimb99"
Content-Disposition: inline


--5vNYLRcllDrimb99
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Hello,
I'm using mutt-1.7.0 with gpgme (newest self compiled version of gnupg).
For me all mails in the above thread have a valid signature with the
exception of the last two from Jean-Christophe Bach. But I'm pretty sure it is
because you clock is wrong. Because you're signature is from 1970:

[-- Begin signature information --]
*BAD* signature from: Jean-Christophe Bach (personal address) <jc.bach@schplaf.org>
                 aka: Jean-Christophe Bach (www.april.org) <jcbach@april.org>
                 aka: Jean-Christophe Bach (www.fsf.org) <jc.bach@member.fsf.org>
                 aka: Jean-Christophe Bach (Personal - LDN infrastructure) <jc@bach.altu.fr>
             created: Thu Jan  1 01:00:00 1970
[-- End signature information --]

Can you check your local time?

For others, this is how I build gnupg:

apt-get install texinfo transfig bison flex libbz2-dev libsqlite3-dev \
                libgnutls28-dev pkg-config libusb-1.0-0-dev libssl-dev \
                libpam0g-dev checkinstall yubikey-server-c

Find the build script, my GPG, GPGSM, GPGAgent configuration attached. In mutt
I just have configured:

set crypt_use_gpgme=yes

This is how I currently import SMIME certificates:

# On the workstation where gpg-agent is running:
# Import root certificate
gpgsm --import root.ca

# Trust Root Certificate
gpgsm -k --with-validation

# Import Keypair p12 or pem
gpgsm --import thomas_glanzmann_2018_09.p12

# On the remote system that invokes gpgsm git gpg agent forwarding:
vim .gnupg/gpgsm.conf
encrypt-to 0x11FC2AA1
include-certs -1

References:
http://wiki.mutt.org/?MuttGuide/UseSMIME
http://www.schmut.com/cheat-sheets/s-mime-key-management
https://wiki.netbsd.org/users/wiz/mutt-smime/

I'm using a yubikey 4 smartcard with my GPG key on it. Which I use with ssh
agent forwarding and gpg agent forwarding from my local machine to a remote
machine, where I run mutt. The smime key is on my local disk but encrypted with
a local transport passphrase. So are revoked old gpg keys.

Cheers,
        Thomas

--5vNYLRcllDrimb99
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="glanzmann-gpg-gpgsm-yubikey-notes.tar.bz2"
Content-Transfer-Encoding: base64

QlpoOTFBWSZTWVIyztMADLb/hf7/H9x+////f//f//////8ACAAEAQhgEX77AKPQnzfe17vO
aXlpr5txo8+t6y0eveZ6ehuNy7srWIBoNVsamuhhKImmgCZTTE9BDUzRG1TynowibaUybQmn
ojRiZAMEbSPKaeiAJJEBkyamTSTTTJH6mkyep6j1HqDQxGgAADTQAAAA0GGqbTEJMqfpT9Ua
MxNM1NNIZGmAmjEMgDAIwJoaZNDTEMgCUyQggkybJqntQaZTTT0mnqabUGgA00aNAyNAAAAN
AAZJUxigMhp6gA0GhoP1EABiAYIyGjQDIA0aaZAwkSEAjINBCM0pskxA1PKehpNAaaGjQAyA
AyA0DQPAH/7D3Q4DjKEFCpgFHhQEhGiQCXAhQhnLWXILpAqFzHU/mAycozqUxMrbPZYkEC74
DEBKCBjCBFVERRgMFTk93n3vuPTtZmNPAqw469Xm5cUOFdCRyl9ww9Hr1Ih6xKS+rjx8j6Ha
Xwm9veqi5u7p+OriwWYoI6m50ArdDu3nX/wiZV7+XPxwwk+r/D4PZ8IeQReNXV0KDLalaRDG
I3X5WMpa1cLGTOlzRg76WHyqjYf62i7GeJ6IRT+5R1BgZ0rJOKRyQ+mOeRNObhnrd0oYm9ec
hUGKavXZ+6o1U8imVQ7NfbahL0GF0dPf6zyA6sDeDU2LUqiLLhxWfyfeZXmdomBpbx5NzwU3
Xya1lE+Tv+KQ4ezJVN2ZDGUsvUF7XNEii1I3FK1uJvfCYiVJRw/Z06oMKuZvtoiZRknryY3D
z5M2t2hUBRVRRcHEIyQSlAAVNJHOJghGkSQxM+Sfx8PX+WZ0HHiQ5luZQ3aEbp49yvGUEMat
NTdobpY2qsXlxRtl9DKn6Gf1TWOJSE7mBIxVtkIzk7b6RdNC7c0MvWVRTBwCw0LOLudMa0gF
HrvSSx6Uvf+emXTCa5ip73bNptJMUEW7bveqKb0l1j/aYgg4MArMEfltWoFLbtOJgjEdMo6Q
RWWJsBgUwq9iU4XBnlwwECbEhXdZNx2Gx3DZG2+eg1T4zdAKX74l9I0pu5z7rBv6LCqVXCEt
zK2J6YGPruQPcuDj8Mk2ZQosrHTU3oZ51zeyWN3F3h8lSu7GydGPaihtMibutjwYm6TbiyK6
VphpNczgG/MUyQ3YZwVbRejhyWQvFy2uFcSqVY7UehtTy1D3pApPSjnE0LLCnYr5qK2Eo7jI
OQqhyVTnNJcKdXh7pLKR1FHXa94r3DzOZTpojHUxJFbNqlDFa1/RIXUYHrQVW7pPmMPLRn2a
Z1dbtcWQ5XCtlXri5+Hf43vyLjrZUg43E/PQlHUcKIg/xcfBUGMbOnJEWI6Nai6i0fZzccDw
r+dfGqxA/rFZh9fTwfrw0Sdjr9i/gw4b4axWmnrrkUyF8RBHCrC4cUnTKjUchA5f6ihIXa6i
kyQvwYFwJDnBW4GQ4aImffaXfgIc88J/J6XVUKYbGdkhbttDcKGO5iCMFIGbZdjacBHGQkSB
QuKyjDIb5gyULOSBCkDDUUJrUKYtJWMrPaKlIyWs8BfaO1lCPPLstw5COXHEolAaQcEMqdKE
BJAKEBhpQBg1RwoeEjEb1ErDIqKKl5MTCw45y8aI990LKv246rsbINDh+rTjbe4BksfSXNr4
Mldo2ANOs4Gw2dy2mWsIVLc7P2L7aDTEI6RGhhPnEOuK4NVnNDYARyrq3LeewO84gFfCt6fa
9xm2d97Os/5tGP6YIrv7Ymy+ujuFOi+2dydRsSfeI4pPi/O6gLwKb5RGdpOkRh0baqWFutng
4aLrFRtbZ13btXFwxnE51j8hrc37cw3oGDmkPsdrQUCzz6kde/wAuxC6BlGs2lOqnL5XI4VI
VZ65aBSYL1JxfHv9iQTBWMFHvNHiuu8fvIsmpwxer5GKdqNgtj0ZeW7vfR5evK03eYjoLmWV
HZpqzFryCi2CnuMQ+yAnwIJ1D1RRoKhoZ3nrjUj8k4qI81EL17CQG4WUaEkkAyDONWii+pAt
pmEbOkbhydZjro8qiEy80Ym3LTpy5JLeV7y9jpUTibQbE2oeK3Wi+6cnEydcpX9261cNaL3+
6iF8UxT7iPTjb1Z+gYbNriDD7RGyvWCluFvC1EzQEJ1PBaMgdGJoT5JvBkrrXXExMSluW4ON
eIu6gLExReJmZCmWRE+ZdeiTSti6V8MKjnItsnsmZovWIPgnOiqZrNHeYME6iogq7mVY9/VN
q5xCqIvFrbCCSdi7q1O6TjWLVl2/cFmxYhar3JEmVHAp5x9nys/JboN1BSAMtHVBc2+DTBGA
Q/ZdE3elUM2x1hkiCzsl2VENouaFvyGQb8rIaIS0aA20zGCFBjPI6jzFsF4jamC9Q3z0JWJM
hvCWCWbYmehcQtT5r6WtEtFV/j0an0s83OiKB0ONQ5aL+wFiK28OCaupdPM2o2bNmzfAlCKb
RDqx8lIhOQ2NmUpinihbRQdeJyKgNbFWAviDlQCy5bEuXJTxONQuBZB3i8r+tUqbNulOWdcf
mj27wWoBqWJWrblbSsA1a1tsNKV4Car5K04UGM6N3x02KCcuD8ueUTgouFxjETzOFGtyJOlc
IVrdbUA3UiEtqzSFX1Jriq9A7bo8lhKYoCs3Pj5VtpaI51pAXfWZPcira1Wu721a2kyV23us
ssVz3ret4bOCsVbotBotU2GddOjmVqke41mgUQXcxq8rS6stqxUXRdeaRA/FxIhNkRIAp+op
KRIoCkyMDH1N46q6y8SXAHuPtxaCGRHkhDbKmBWtalZ7v3ezNivEfeRZyRQtlc176s+gMNTV
XBhoaq6UZFiICceghEHAKnGcsjrlavVL9c6aZc+3bbBefvzh2QvvOeIxBYgubttMJTeKEd/o
NNTSm/clA2g7rBHhMVTRC8TtZLO4ZmGg5dZnbrrCz14JkamJZmWVAVJdlPBvbkFiCeK+GsWh
zFUvUa4fDsE2gt1qTG2UNUFTDyu8y7eCWuMTFheULo7kDvVmze3J3oDHXs6ByNjNWY0HI2Du
a7G6+zIYHbOttFoMqIL4gLUBOYtDrlLxTjTODSFhFihK8DhLLc6q8+ZGH4KgxXlapCpjcaAa
Urh1TYgU580GUS2kzCEWRWSHRiq7NLZqotITEyAsMAkVgYkbEFFtqJJcdMxgX4mKLRg0dqtT
QQENjhgaBGTIMGLUNDtHW6DkpzGEojllNkqcDIXGyq1BykgsvjQQczOxYGFya0DD6mvtqvFz
+7yul7vNBAXYwGTKDa6m84ujUxSCRFXgzpQsHZ0tTLRO83jQN1QUN6fK08u3sF2WlBOkh16C
FhARGgnKv1Q1BQZsstDFsmgLPCLgL3WWPBmWWrqLGkZrXq9YlmTjjGYmMAupddXG60Fu1ShX
bxKXAD6sxUmDaPk3CpnjKjMSitIyAlJlA/LKG9TVTqp8e47LUWAyxAwPW35YdBwK1I4WExY0
MzmQjdUXbFb0WSgjbO6mSqcNsGWixifW81e/WR8LHeJVGjJEWBzCYYQphQAoFDIz8bwJVxIf
KEb2SzqXD59moq0W6TcG3A1ir2j2dI3ALN5Tsn18Zx1zlULnODY7siRF9Mie63BFJKxYnuYb
o0aqOiY6N08cBqoKb7TAWiQmPfSBiVkCpbxJ8unp1d6S6EzxoPNmxpDaAYwDeK4dWGjE5mc5
5dyDsZ5TG+5hXeYoIUFYvBKhWUJEr+cDQuU0TZqcpKJtSADtKQB8DCgxTHDQjWAxJVPerU2i
JLW3fiOAXpMEEyR06zFRkSwt5u8Af9nxafL24a0Ixi9nYM2CBmAYUC7unlla3jBxayHH5AGc
C8OSRSpSC6wBIxJMAqQ8kZJMYjVMXHKI5yBcKa4ZUypcNQCGxiQ+wF80gigUQOFf13IbuGQk
As0EypQFCgSMkZBUNMByn6qqst75mCJNEIMLYEWU8Lx6VixqpiFMhRTo2kpkTY4NpyVIhMMB
KFTXyX1fOMZY166siban1uQ2kzu0/+5pXiJZr8GUvGjx6CN5193et+LOIwsHf5owRe2xcipG
g2uo9DmkfNxK/kdwMc+zZna/VbbgIoAPwmKjaCud0XxyVbA6WgcPMBQVQIjhnASi5yBIhnwU
ONVinTQMGuknYdJ6IbQ2Fj11BluUhwnD2gzkPY4Z1l3bmVKmXAA1sUE9ykxFHiDO2rbOncqb
otJsOaDIcBiqptNp7rlShBkWky467oxv/3JBnRGdRtdGu0Q3YbD0CvGUPkVi44IMtQV66VSO
ZMgj6kpHMk41MwDBtmtMczi6wquORYZQ32TBgDAGQ/BW6ERZqCxUyDqTBEyaiq60FxU6MhkH
jUTc0GlpkmRt9wVaONbaF71lMyKpJUhNEipIIEiURIMUJECCbzPONRlg98Ye2XhRQEsRWMAJ
AOIpzBVCKRFmPQgmKM0lIvd/iSK0qAaA1jHnIskSE7jK4bl1UcqUKwk3a1sYUNMEAhRKRIQO
ddtySTc5i3mO70V2Y0mFhBDerpj7jX3bI4DGDMjuEhitOhC0s9StSqmXh0vzWnVXdlnfclxs
rXip5mKKGFSDcDFhwQ5xA2NtoB7zSaKkGLNJqgC4sDw6WZF5YKUBbmULhp9QHv68KiLRe/4a
iho1bq88G9pzwL1rMjOW84mPku03aoQN9ZcNb+4EGsxAtGc/IrNESserbyWzMDRoaYAmMYCY
m0kGoaWvfKRrRIcm5ei9/kBo/kgOosn88qqVadl12bUtgGGRmVkmpmG3wnABjA3pYJgjMGUB
7gunbKmvNXhak6MKGJAV0bmSYwbRAFciq9d1pFS48VKyLvY0QE0FbhQQrbuvXdpIpB0IwOAG
qpXmc5bMSRKy0h6BFhgGqqsYdmryzDottovHkpm0nZY2sNOpG0ywLGkrndDYoBwQSO5stuVA
i4GAkRskRDk6O6NVMNczsaS1Vt2az1NVBVZW6ytVUmayoYobLU1OD0e5UIO5ua34mgPKs8/a
FbfAP+6tKG6oe5BkNGspkM5poXVPDL0mr3qLICyLuBRhEqsFcOsbBV8YjCMIjUL/osQtLSm1
J16wGi2ux5jtycuBleZEoRTjWNbC6E4sD6kMS+SAyJxZme2rEhpznQWY2IxNC2MOhTPrC0TL
VZJiYFlYMQLkFVvyUsMsPZ00yX3TgqSpkJSuTRea5oqKinm5Y3wKlt4sOKxJhVkooOKQqUix
p0QR21zkILEGBdbaJd7nAgsRg1BdnUpzSQunME2cOcqy3KL4jVRbNyxMBsBtKYAwkAPbIlYG
zAytdsOIgIyC6pGZdemBMOKhHFcLdOYF4g4CVfhyDG3QahLbjFDYyWdgZiBh7ryrZMo0IlOF
bGmEdAPeGQNw6q7Z3cQ40F6fSFZ7JA8TK5A9VU4OPdCiSVyqjpgGQ4bC/Y1xNjphJyo1rX/C
KURomUW0oXdlbQloUqDEipyLRgRcC4aJ34lZ7HpIJFgXm+Xu/VjJmZUK5Ik7UGaDQGo+qtYp
Kv04JnnhdDEqxmochtoNLz5iko6okmJjVUENE0ryS0EFKCSmkG1qh2iq1icosQZG8UbfzgB4
PgUvJ7ovXS3PzzZvgc8CurOh2OXLnJXsIXcF3JFOFCQUjLO0wA==

--5vNYLRcllDrimb99--

--OwLcNYc0lM97+oe1
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIcBAABCAAGBQJX45+bAAoJEJ0QZHLW1Q26xJAP/28hCmhn1V/verdHp4dmKob/
UADCLK3bXR8JpsOpJS9g+Ln8pA+y3K4yTSB/bpLkUrHyBcJOHvuhbE70/Xdtnf0l
YN/uBoOArlSt9Qt5M1v23HOTxBNC7DuT4HuBYCNBv8L6tK4FwD0U4qlqq3qhxuzW
JMmvPVv1j8Y1qXD1/p0Rcqdlz205k7eTT/ZG0gQyrtnJ+LVQH492RIm8lH4+wG+2
prVqCzSPNtpIDb4Dh60kHnK5brIwc58s+GE98qpqkchJd3S5ki0N9duvYzjDkFV0
zQd/v6CUAEtelYSi+kM/YNwMY2p0k2TlsnNtuDv4PfM4/UA004shgH0E11lN5doa
YMbbd/nO1YanQRYeBzOz0x4YQ9J0BZqTfBfFhiTuhnhX/DeZ8lVe63v148u3dTWR
1CRxn+5hzrOqSpU11/yxjtsSuzVLKxf1ISS/W83bfynB78soEiKCoarC0RBTbL/Z
pHT0JAgV0/vrsFrtt+fQfradvLIQst5ispPAl3VXa0I/gXh+vsxSzUaD7BjFGpPt
UWumxLsRQL6p21bUU3K2OO4JorBS2jNX46J40kHWAaC78qCBpZAgGVMQUYfFr1M4
XDDxp9AAMPV3ncAWn1UYMK6Ya5+9Jlcs1QCMS83cVV2NW12znHlUiLedg/XcVu/U
UsvVu++otzN3LsMX+Xi7
=ZF0b
-----END PGP SIGNATURE-----

--OwLcNYc0lM97+oe1--
