Date: Wed, 22 Nov 2006 16:40:37 +0100 From: Karol Kwiatkowski <freebsd@orchid.homeunix.org> To: VeeJay <maanjee@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: To which port GPG belongs? Message-ID: <45646F75.5090808@orchid.homeunix.org> In-Reply-To: <2cd0a0da0611220648g6b639930gf82fea1497e52b04@mail.gmail.com> References: <2cd0a0da0611220553y5d56689es1468b949448bf1e6@mail.gmail.com> <45645904.8090108@orchid.homeunix.org> <2cd0a0da0611220648g6b639930gf82fea1497e52b04@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig1834767C90C06C0A3C930D3B Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 22/11/2006 15:48, VeeJay wrote: > Thanks for your quick thoughts... >=20 > I am still unable to verify Key >=20 > I have got this key from Apache site >=20 >=20 [ key snipped ] > but how to verify because.... >=20 > When I give this command >=20 > # gpg httpd-2.0.59.tar.gz.asc > gpg: Signature made Thu Jul 27 19:44:54 2006 CEST using RSA key ID 10FD= E075 > gpg: Can't check signature: public key not found > # You don't have public key 0x10FDE075 in your keyring. You can either download it from one of keyservers or form apache site: $ fetch http://www.apache.org/dist/httpd/KEYS KEYS 100% of 295 kB 108 kBps $ gpg --import KEYS gpg: WARNING: using insecure memory! gpg: please see http://www.gnupg.org/faq.html for more information [...] gpg: key 10FDE075: public key [email] imported [...] gpg: Total number processed: 58 gpg: w/o user IDs: 4 gpg: imported: 52 (RSA: 24) gpg: unchanged: 2 gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model gpg: depth: 0 valid: 1 signed: 4 trust: 0-, 0q, 0n, 0m, 0f, 1u gpg: depth: 1 valid: 4 signed: 0 trust: 4-, 0q, 0n, 0m, 0f, 0u Then you can verify (here I'm verifying 1.3 version): $ gpg --verify apache_1.3.37.tar.gz.asc pathto/apache_1.3.37.tar.gz gpg: WARNING: using insecure memory! gpg: please see http://www.gnupg.org/faq.html for more information gpg: Signature made Thu 27 Jul 20:35:51 2006 CEST using RSA key ID 10FDE075 gpg: Good signature from "[email] [...] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 33 16 9B 46 FC 12 D4 01 CA 6D DB D7 DE EA 4F D7= Be sure you read that last fat WARNING. It says the signature is correct but my gnupg doesn't know if the key used to sign is trusted. In reality that means I don't really know to whom the key really belongs.= HTH, but it you really want to use gnupg you should at least read "Getting started"[1] form GnuPG site. Without understanding where it all can fail you won't gain anything. Regards, Karol [1] http://www.gnupg.org/gph/en/manual.html#INTRO --=20 Karol Kwiatkowski <freebsd at orchid dot homeunix dot org> OpenPGP: http://www.orchid.homeunix.org/carlos/gpg/0x06E09309.asc --------------enig1834767C90C06C0A3C930D3B Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFZG98ezeoPAwGIYsRCBSSAKCFlpB3hDCpIW/rUeFoYgIx7b+FWwCgn5Ij clZs0xDEu2DXy0VcoXGSqyY= =v9G5 -----END PGP SIGNATURE----- --------------enig1834767C90C06C0A3C930D3B--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?45646F75.5090808>