PGP error 3036:bad signature when PGP Command Line verifies the Signature

Article ID: 388771

Updated On: 02-20-2025

Products

PGP Command Line, PGP Encryption Suite, PGP Key Management Server, PGP Key Mgmt Client Access and CLI API, PGP SDK, Desktop Email Encryption, Drive Encryption, Encryption Management Server, Endpoint Encryption, File Share Encryption, Gateway Email Encryption

Issue/Introduction

PGP Command Line has the ability to report on file integrity, that is, whether a file has changed between the time it was encrypted and the time it is decrypted.
Knowing this tells you whether you should trust the contents of the file. This article goes over that scenario.

Resolution

Part of encryption is "Signing", which is when a file is signed with a digital signature.  This digital signature can then be used by the recipient to verify if the file integrity is still intact.

If the file integrity is intact, it means the file was not changed in transit.

If the file integrity is compromised, the signature will not validate and PGP Command Line produces the error "3036:bad signature".

This "bad signature" error message is a feature and is not necessarily telling you something is broken within the PGP Command Line Product.
Rather, this error means there are aspects of the file you need to pay attention to.  Did the file get changed in transit, and should you trust the contents at that point?

The file may still decrypt, but it differs enough from what was signed that 100% integrity cannot be established.

If bad signature is reported, it's best to tell the sender to re-transmit the file.  Usually when the file is retransmitted, the file comes through just fine.

If you are seeing bad signature as a pattern, this typically indicates that the transfer mechanism(s) in place need review.

One way to determine whether the file was modified during transit is to compute a "checksum" value of the file immediately after it is encrypted, before it is sent.

When the file arrives, re-compute the checksum value.  If the values do not match, the file changed in transit, which would explain the bad signature.


As documented, in addition to "Decryption", the --decrypt option will also attempt to verify a signature.  

In the event that a file has been signed, the --decrypt will check if the file was modified in transit.

Files with bad signatures should be inspected to pinpoint where the verification is failing.  Ideally, you should try to correct the cause of the bad signature.
If data nonrepudiation is not needed, you can ignore the bad signature; PGP Command Line will commonly decrypt the file anyway and report the bad signature error:

Example of Good Signature:
encryptedfile.txt.pgp:decrypt (3177:message signed by key ID 0x12345678)
encryptedfile.txt.pgp:decrypt (3038:signing key 0x12345678 ProductionPGPKey <key@example.com>)
encryptedfile.txt.pgp:decrypt (3040:signature created 2023-01-16T04:09:01+05:00)
encryptedfile.txt.pgp:decrypt (3170:signature hash SHA256)
encryptedfile.txt.pgp:decrypt (3035:good signature)
encryptedfile.txt.pgp:decrypt (3178:message signed by subkey ID 0x12345678)


Example of Bad Signature:
(3038:signing key 0x123456789 ProductionPGPKey <key@example.com>)
encryptedfile2.txt.pgp:decrypt (3040:signature created 2023-01-16T04:09:01+05:00)
encryptedfile2.txt.pgp:decrypt (3170:signature hash SHA256)
encryptedfile2.txt.pgp:decrypt (3036:bad signature)
encryptedfile2.txt.pgp:decrypt (0:output file encryptedfile2.txt)
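The following is an added example, not code from the article or from the PGP Command Line product: a small Python helper that classifies --decrypt output by the 3035/3036 status codes shown above and computes the SHA-256 checksum that the sender records before transfer and the recipient re-checks on arrival. The sample output strings are constructed from the article's two examples; the status-line layout they assume is the only thing taken from the product.

```python
import hashlib
import re

# Status codes PGP Command Line reports for signature verification (from the article).
GOOD_SIGNATURE = 3035
BAD_SIGNATURE = 3036

# Matches a status line such as "encryptedfile.txt.pgp:decrypt (3036:bad signature)".
# The "file:operation" prefix and the closing parenthesis are optional because
# real output (as in the article's samples) is sometimes truncated.
STATUS_RE = re.compile(r"^(?:(?P<file>\S+):(?P<op>\w+)\s+)?\((?P<code>\d+):(?P<msg>[^)]*)\)?\s*$")

def parse_status_lines(output):
    """Return (file, code, message) tuples for every status line in --decrypt output."""
    parsed = []
    for line in output.splitlines():
        m = STATUS_RE.match(line.strip())
        if m:
            parsed.append((m.group("file") or "", int(m.group("code")), m.group("msg").strip()))
    return parsed

def verification_status(output):
    """Classify --decrypt output as 'bad', 'good' or 'unsigned' from its 3035/3036 codes."""
    codes = {code for _, code, _ in parse_status_lines(output)}
    if BAD_SIGNATURE in codes:
        return "bad"        # file changed after signing: do not trust the contents
    if GOOD_SIGNATURE in codes:
        return "good"
    return "unsigned"       # no signature was present, so nothing was verified

def sha256_hex(data):
    """SHA-256 of in-memory bytes; the checksum the sender records before transfer."""
    return hashlib.sha256(data).hexdigest()

def sha256_of_file(path, chunk_size=1 << 20):
    """SHA-256 of a file on disk, read in chunks so large archives are not loaded into RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def checksum_matches(path, expected_hex):
    """True when the received file's checksum equals the one the sender recorded."""
    return sha256_of_file(path).lower() == expected_hex.strip().lower()

# Constructed sample output, built from the article's two examples.
GOOD_OUTPUT = """\
encryptedfile.txt.pgp:decrypt (3177:message signed by key ID 0x12345678)
encryptedfile.txt.pgp:decrypt (3170:signature hash SHA256
encryptedfile.txt.pgp:decrypt (3035:good signature)
"""
BAD_OUTPUT = """\
encryptedfile2.txt.pgp:decrypt (3170:signature hash SHA256)
encryptedfile2.txt.pgp:decrypt (3036:bad signature)
encryptedfile2.txt.pgp:decrypt (0:output file encryptedfile2.txt)
"""
```

A mismatch from checksum_matches on the received .pgp file explains a 3036 as a transfer problem; a matching checksum with a 3036 points instead at the signature, key or file as it left the sender.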

If you would like the functionality to skip verification, please reach out to Symantec Encryption Support and mention ID ISFR-2681.

For more information on how PGP Command Line works, see the product documentation or the following article:

158454 - Using PGP Command Line