Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 22 Nov 2006 16:40:37 +0100
From:      Karol Kwiatkowski <freebsd@orchid.homeunix.org>
To:        VeeJay <maanjee@gmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: To which port GPG belongs?
Message-ID:  <45646F75.5090808@orchid.homeunix.org>
In-Reply-To: <2cd0a0da0611220648g6b639930gf82fea1497e52b04@mail.gmail.com>
References:  <2cd0a0da0611220553y5d56689es1468b949448bf1e6@mail.gmail.com>	<45645904.8090108@orchid.homeunix.org> <2cd0a0da0611220648g6b639930gf82fea1497e52b04@mail.gmail.com>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig1834767C90C06C0A3C930D3B
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On 22/11/2006 15:48, VeeJay wrote:
> Thanks for your quick thoughts...
>=20
> I am still unable to verify Key
>=20
> I have got this key from Apache site
>=20
>=20

[ key snipped ]

> but how to verify because....
>=20
> When I give this command
>=20
> # gpg httpd-2.0.59.tar.gz.asc
> gpg: Signature made Thu Jul 27 19:44:54 2006 CEST using RSA key ID 10FD=
E075
> gpg: Can't check signature: public key not found
> #

You don't have public key 0x10FDE075 in your keyring. You can either
download it from one of keyservers or form apache site:

$ fetch http://www.apache.org/dist/httpd/KEYS
KEYS                                      100% of  295 kB  108 kBps
$ gpg --import KEYS
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
[...]
gpg: key 10FDE075: public key [email] imported
[...]
gpg: Total number processed: 58
gpg:           w/o user IDs: 4
gpg:               imported: 52  (RSA: 24)
gpg:              unchanged: 2
gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model
gpg: depth: 0  valid:   1  signed:   4  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:   4  signed:   0  trust: 4-, 0q, 0n, 0m, 0f, 0u



Then you can verify (here I'm verifying 1.3 version):

$ gpg --verify  apache_1.3.37.tar.gz.asc pathto/apache_1.3.37.tar.gz
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
gpg: Signature made Thu 27 Jul 20:35:51 2006 CEST using RSA key ID
10FDE075
gpg: Good signature from "[email]
[...]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the
owner.
Primary key fingerprint: 33 16 9B 46 FC 12 D4 01  CA 6D DB D7 DE EA 4F D7=



Be sure you read that last fat WARNING. It says the signature is
correct but my gnupg doesn't know if the key used to sign is trusted.
In reality that means I don't really know to whom the key really belongs.=


HTH, but it you really want to use gnupg you should at least read
"Getting started"[1] form GnuPG site. Without understanding where it
all can fail you won't gain anything.

Regards,

Karol

[1] http://www.gnupg.org/gph/en/manual.html#INTRO

--=20
Karol Kwiatkowski  <freebsd at orchid dot homeunix dot org>
OpenPGP: http://www.orchid.homeunix.org/carlos/gpg/0x06E09309.asc


--------------enig1834767C90C06C0A3C930D3B
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFZG98ezeoPAwGIYsRCBSSAKCFlpB3hDCpIW/rUeFoYgIx7b+FWwCgn5Ij
clZs0xDEu2DXy0VcoXGSqyY=
=v9G5
-----END PGP SIGNATURE-----

--------------enig1834767C90C06C0A3C930D3B--



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?45646F75.5090808>