Hi there,

when trying this:

gpg --verify gnupg-2.3.4.tar.bz2.sig gnupg-2.3.4.tar.bz2

I get that:

gpg: Signature made Mo 20 Dez 2021 22:52:45 CET
gpg:                using EDDSA key 6DAA6E64A76D2840571B4902528897B826403ADA
gpg: Good signature from "Werner Koch (dist signing 2020)" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the
owner.
Primary key fingerprint: 6DAA 6E64 A76D 2840 571B  4902 5288 97B8 2640 3ADA
gpg: Signature made Di 21 Dez 2021 07:20:39 CET
gpg:                using EDDSA key AC8E115BF73E2D8D47FA9908E98E9B2D19C6C8BD
gpg: Can't check signature: No public key


First gpg says, good signature, then it says "no public key"?
Has the tarball been signed with two keys?
Verification was tried using gpg 2.3.1

Thanks!

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to