From owner-freebsd-questions@FreeBSD.ORG  Wed Nov 22 15:41:51 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 2389816A4C9
	for <freebsd-questions@freebsd.org>;
	Wed, 22 Nov 2006 15:41:51 +0000 (UTC)
	(envelope-from freebsd@orchid.homeunix.org)
Received: from orchid.homeunix.org (atu120.neoplus.adsl.tpnet.pl [83.27.2.120])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E195043D8A
	for <freebsd-questions@freebsd.org>;
	Wed, 22 Nov 2006 15:40:32 +0000 (GMT)
	(envelope-from freebsd@orchid.homeunix.org)
Received: from [192.168.1.66] (blackacidevil.orchid.homeunix.org
	[192.168.1.66]) (authenticated bits=0)
	by orchid.homeunix.org (8.13.6/8.13.6) with ESMTP id kAMFeich033221
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
	Wed, 22 Nov 2006 16:40:48 +0100 (CET)
	(envelope-from freebsd@orchid.homeunix.org)
Message-ID: <45646F75.5090808@orchid.homeunix.org>
Date: Wed, 22 Nov 2006 16:40:37 +0100
From: Karol Kwiatkowski <freebsd@orchid.homeunix.org>
User-Agent: Thunderbird 1.5.0.8 (X11/20061110)
MIME-Version: 1.0
To: VeeJay <maanjee@gmail.com>
References: <2cd0a0da0611220553y5d56689es1468b949448bf1e6@mail.gmail.com>	<45645904.8090108@orchid.homeunix.org>
	<2cd0a0da0611220648g6b639930gf82fea1497e52b04@mail.gmail.com>
In-Reply-To: <2cd0a0da0611220648g6b639930gf82fea1497e52b04@mail.gmail.com>
X-Enigmail-Version: 0.94.1.0
OpenPGP: id=06E09309;
	url=http://www.orchid.homeunix.org/carlos/gpg/0x06E09309.asc
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature";
	boundary="------------enig1834767C90C06C0A3C930D3B"
X-Virus-Scanned: ClamAV 0.88.6/2228/Wed Nov 22 14:37:52 2006 on
	orchid.homeunix.org
X-Virus-Status: Clean
Cc: freebsd-questions@freebsd.org
Subject: Re: To which port GPG belongs?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: freebsd@orchid.homeunix.org
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Nov 2006 15:41:51 -0000

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig1834767C90C06C0A3C930D3B
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On 22/11/2006 15:48, VeeJay wrote:
> Thanks for your quick thoughts...
>=20
> I am still unable to verify Key
>=20
> I have got this key from Apache site
>=20
>=20

[ key snipped ]

> but how to verify because....
>=20
> When I give this command
>=20
> # gpg httpd-2.0.59.tar.gz.asc
> gpg: Signature made Thu Jul 27 19:44:54 2006 CEST using RSA key ID 10FD=
E075
> gpg: Can't check signature: public key not found
> #

You don't have public key 0x10FDE075 in your keyring. You can either
download it from one of keyservers or form apache site:

$ fetch http://www.apache.org/dist/httpd/KEYS
KEYS                                      100% of  295 kB  108 kBps
$ gpg --import KEYS
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
[...]
gpg: key 10FDE075: public key [email] imported
[...]
gpg: Total number processed: 58
gpg:           w/o user IDs: 4
gpg:               imported: 52  (RSA: 24)
gpg:              unchanged: 2
gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model
gpg: depth: 0  valid:   1  signed:   4  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:   4  signed:   0  trust: 4-, 0q, 0n, 0m, 0f, 0u



Then you can verify (here I'm verifying 1.3 version):

$ gpg --verify  apache_1.3.37.tar.gz.asc pathto/apache_1.3.37.tar.gz
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
gpg: Signature made Thu 27 Jul 20:35:51 2006 CEST using RSA key ID
10FDE075
gpg: Good signature from "[email]
[...]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the
owner.
Primary key fingerprint: 33 16 9B 46 FC 12 D4 01  CA 6D DB D7 DE EA 4F D7=



Be sure you read that last fat WARNING. It says the signature is
correct but my gnupg doesn't know if the key used to sign is trusted.
In reality that means I don't really know to whom the key really belongs.=


HTH, but it you really want to use gnupg you should at least read
"Getting started"[1] form GnuPG site. Without understanding where it
all can fail you won't gain anything.

Regards,

Karol

[1] http://www.gnupg.org/gph/en/manual.html#INTRO

--=20
Karol Kwiatkowski  <freebsd at orchid dot homeunix dot org>
OpenPGP: http://www.orchid.homeunix.org/carlos/gpg/0x06E09309.asc


--------------enig1834767C90C06C0A3C930D3B
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFZG98ezeoPAwGIYsRCBSSAKCFlpB3hDCpIW/rUeFoYgIx7b+FWwCgn5Ij
clZs0xDEu2DXy0VcoXGSqyY=
=v9G5
-----END PGP SIGNATURE-----

--------------enig1834767C90C06C0A3C930D3B--