BAD signature from "SuSE Security Team <security@suse.de>"

hi.
just out of curiosity i tried to verify signature of one of Novell’s security advisories (this one in particular) with gpg.
as suggested, i saved that page as text' with firefox, imported gpg-pubkey-3d25d3d9-36e12d04.asc into gpg's keyring and launched gpg --verify work/2009_25_udev.txt’:

[sergey@freebsd ~]$ LANG=C gpg --verify work/2009_25_udev.txt
Warning: using insecure memory!
gpg: Signature made Wed Apr 22 19:32:56 2009 MSD using RSA key ID 3D25D3D9
gpg: BAD signature from "SuSE Security Team <security@suse.de>"

funny, huh? may be i was doing something wrong?

Seems fine to me…

Though I did come across something… Hopefully someone can say why…


lynx --dump --nolist http://www.novell.com/linux/security/advisories/2009_25_udev.html > keyfile.asc

gpg2 --verify keyfile.asc
gpg: Signature made Wed 22 Apr 2009 15:32:56 GMT using RSA key ID 3D25D3D9
gpg: BAD signature from "SuSE Security Team <security@suse.de>"

Returns a bad sig, but if I highlight and paste…


gpg2 --verify key.asc
gpg: Signature made Wed 22 Apr 2009 15:32:56 GMT using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security@suse.de>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 73 5F 2E 99 DF DB 94 C4  8F 5A A3 AE AF 22 F2 D5

gpg2 --keyserver hkp://subkeys.pgp.net --recv 3D25D3D9
gpg: requesting key 3D25D3D9 from hkp server subkeys.pgp.net
gpg: key 3D25D3D9: "SuSE Security Team <security@suse.de>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

I’m really not sure why, but I don’t think you need to worry.