On 2014/04/17 13:12, Joseph S. Testa II wrote: > Hi all, > > I tried to verify the SHA256 sums at > http://ftp.openbsd.org/pub/OpenBSD/snapshots/armv7/SHA256 with the related > .sig file, but it didn't work: > > $ gpg --verify SHA256.sig SHA256 > gpg: no valid OpenPGP data found. > gpg: the signature could not be verified. > Please remember that the signature file (.sig or .asc) > should be the first file given on the command line. > > Looking at http://ftp.openbsd.org/pub/OpenBSD/snapshots/armv7/SHA256.sig, > I see: > > untrusted comment: signature from openbsd 5.5 base secret key > RWRGy8gxk9N935xWg20Ru3XLMEb6TGuUyCXIo9Pe0dP9nVMZMMMvscjhHEbrFZZGLvkEeQqYiVsAf1fyj6eSeQ1Y/aUOiiDPYAQ= > SHA256 (INSTALL.armv7) = > 81bf9b2a3ade9e61bbd9ac2ccf559a38d328ba4857ceaf68b6f983c8b8d22b5f > [...] > > It seems like it was generated incorrectly. > > - Joe >
This is not GPG. http://www.openbsd.org/cgi-bin/man.cgi?query=signify
