SL Baur <steve(a)xemacs.org&gt; writes: Join the club :-( There are just too many failure modes for using pgp 5 style signatures right now. Combine that with the fact that mailcrypt was never designed to be a library and bingo! The right scenario would be 1. We sign with pgp 2.6 for now 2. somebody writes a true digsignature.el that does its own parsing of the PGP armor and can accurately distinguish between 1. false signature. 2. PGP 5 sign used but only pgp 2.6 availaible 3. PGP 2.6 sign used but only gpg-norsa available 4. PGP available, but not setup for the user 5. no PGP available. [Note: I have seen all of these in real life except 1.] 3. This gets embedded in to package-get.el 4. We try again. That would be heaven for now. Jan