Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 22 Nov 2006 16:40:37 +0100
From:      Karol Kwiatkowski <>
To:        VeeJay <>
Subject:   Re: To which port GPG belongs?
Message-ID:  <>
In-Reply-To: <>
References:  <>	<> <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On 22/11/2006 15:48, VeeJay wrote:
> Thanks for your quick thoughts...
> I am still unable to verify Key
> I have got this key from Apache site

[ key snipped ]

> but how to verify because....
> When I give this command
> # gpg httpd-2.0.59.tar.gz.asc
> gpg: Signature made Thu Jul 27 19:44:54 2006 CEST using RSA key ID 10FD=
> gpg: Can't check signature: public key not found
> #

You don't have public key 0x10FDE075 in your keyring. You can either
download it from one of keyservers or form apache site:

$ fetch
KEYS                                      100% of  295 kB  108 kBps
$ gpg --import KEYS
gpg: WARNING: using insecure memory!
gpg: please see for more information
gpg: key 10FDE075: public key [email] imported
gpg: Total number processed: 58
gpg:           w/o user IDs: 4
gpg:               imported: 52  (RSA: 24)
gpg:              unchanged: 2
gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model
gpg: depth: 0  valid:   1  signed:   4  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:   4  signed:   0  trust: 4-, 0q, 0n, 0m, 0f, 0u

Then you can verify (here I'm verifying 1.3 version):

$ gpg --verify  apache_1.3.37.tar.gz.asc pathto/apache_1.3.37.tar.gz
gpg: WARNING: using insecure memory!
gpg: please see for more information
gpg: Signature made Thu 27 Jul 20:35:51 2006 CEST using RSA key ID
gpg: Good signature from "[email]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the
Primary key fingerprint: 33 16 9B 46 FC 12 D4 01  CA 6D DB D7 DE EA 4F D7=

Be sure you read that last fat WARNING. It says the signature is
correct but my gnupg doesn't know if the key used to sign is trusted.
In reality that means I don't really know to whom the key really belongs.=

HTH, but it you really want to use gnupg you should at least read
"Getting started"[1] form GnuPG site. Without understanding where it
all can fail you won't gain anything.




Karol Kwiatkowski  <freebsd at orchid dot homeunix dot org>

Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

Version: GnuPG v1.4.5 (FreeBSD)
Comment: Using GnuPG with Mozilla -



Want to link to this message? Use this URL: <>