To which port GPG belongs?

Karol Kwiatkowski freebsd at orchid.homeunix.org
Wed Nov 22 07:41:51 PST 2006


On 22/11/2006 15:48, VeeJay wrote:
> Thanks for your quick thoughts...
> 
> I am still unable to verify Key
> 
> I have got this key from Apache site
> 
> 

[ key snipped ]

> but how to verify because....
> 
> When I give this command
> 
> # gpg httpd-2.0.59.tar.gz.asc
> gpg: Signature made Thu Jul 27 19:44:54 2006 CEST using RSA key ID 10FDE075
> gpg: Can't check signature: public key not found
> #

You don't have public key 0x10FDE075 in your keyring. You can either
download it from one of keyservers or form apache site:

$ fetch http://www.apache.org/dist/httpd/KEYS
KEYS                                      100% of  295 kB  108 kBps
$ gpg --import KEYS
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
[...]
gpg: key 10FDE075: public key [email] imported
[...]
gpg: Total number processed: 58
gpg:           w/o user IDs: 4
gpg:               imported: 52  (RSA: 24)
gpg:              unchanged: 2
gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model
gpg: depth: 0  valid:   1  signed:   4  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:   4  signed:   0  trust: 4-, 0q, 0n, 0m, 0f, 0u



Then you can verify (here I'm verifying 1.3 version):

$ gpg --verify  apache_1.3.37.tar.gz.asc pathto/apache_1.3.37.tar.gz
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
gpg: Signature made Thu 27 Jul 20:35:51 2006 CEST using RSA key ID
10FDE075
gpg: Good signature from "[email]
[...]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the
owner.
Primary key fingerprint: 33 16 9B 46 FC 12 D4 01  CA 6D DB D7 DE EA 4F D7


Be sure you read that last fat WARNING. It says the signature is
correct but my gnupg doesn't know if the key used to sign is trusted.
In reality that means I don't really know to whom the key really belongs.

HTH, but it you really want to use gnupg you should at least read
"Getting started"[1] form GnuPG site. Without understanding where it
all can fail you won't gain anything.

Regards,

Karol

[1] http://www.gnupg.org/gph/en/manual.html#INTRO

-- 
Karol Kwiatkowski  <freebsd at orchid dot homeunix dot org>
OpenPGP: http://www.orchid.homeunix.org/carlos/gpg/0x06E09309.asc

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20061122/969d57ac/signature.pgp


More information about the freebsd-questions mailing list