On 22/11/2006 15:48, VeeJay wrote: > Thanks for your quick thoughts... > > I am still unable to verify Key > > I have got this key from Apache site > >
[ key snipped ] > but how to verify because.... > > When I give this command > > # gpg httpd-2.0.59.tar.gz.asc > gpg: Signature made Thu Jul 27 19:44:54 2006 CEST using RSA key ID 10FDE075 > gpg: Can't check signature: public key not found > # You don't have public key 0x10FDE075 in your keyring. You can either download it from one of keyservers or form apache site: $ fetch http://www.apache.org/dist/httpd/KEYS KEYS 100% of 295 kB 108 kBps $ gpg --import KEYS gpg: WARNING: using insecure memory! gpg: please see http://www.gnupg.org/faq.html for more information [...] gpg: key 10FDE075: public key [email] imported [...] gpg: Total number processed: 58 gpg: w/o user IDs: 4 gpg: imported: 52 (RSA: 24) gpg: unchanged: 2 gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model gpg: depth: 0 valid: 1 signed: 4 trust: 0-, 0q, 0n, 0m, 0f, 1u gpg: depth: 1 valid: 4 signed: 0 trust: 4-, 0q, 0n, 0m, 0f, 0u Then you can verify (here I'm verifying 1.3 version): $ gpg --verify apache_1.3.37.tar.gz.asc pathto/apache_1.3.37.tar.gz gpg: WARNING: using insecure memory! gpg: please see http://www.gnupg.org/faq.html for more information gpg: Signature made Thu 27 Jul 20:35:51 2006 CEST using RSA key ID 10FDE075 gpg: Good signature from "[email] [...] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 33 16 9B 46 FC 12 D4 01 CA 6D DB D7 DE EA 4F D7 Be sure you read that last fat WARNING. It says the signature is correct but my gnupg doesn't know if the key used to sign is trusted. In reality that means I don't really know to whom the key really belongs. HTH, but it you really want to use gnupg you should at least read "Getting started"[1] form GnuPG site. Without understanding where it all can fail you won't gain anything. Regards, Karol [1] http://www.gnupg.org/gph/en/manual.html#INTRO -- Karol Kwiatkowski <freebsd at orchid dot homeunix dot org> OpenPGP: http://www.orchid.homeunix.org/carlos/gpg/0x06E09309.asc
signature.asc
Description: OpenPGP digital signature
