Hi,

> Dear OpenVPN-Team,
>
> I downloaded "openvpn-install-2.3.11-I601-x86_64.exe" from
> "https://openvpn.net/index.php/download/community-downloads.html" and
> its signature and checked it using "GNU Privacy Assistant" with public
> key of Samuli (ID 198D22A3 from 2009-11-21). "GNU Privacy Assistant"
> says the signature is invalid. The public key of Samuli shows validity
> unknown in GPA.
>
> Is the public key of Samuli out of date?

I doubt it, as the key does have an expiration date. To verify this I 
removed my GPG keychain and imported my own public key to a new, empty 
keychain:

$ mv ~/.gnupg ~/.gnupg.orig
$ wget http://swupdate.openvpn.net/community/keys/samuli_public_key.asc
$ gpg --import samuli_public_key.asc
gpg: directory `/home/samuli/.gnupg' created
gpg: new configuration file `/home/samuli/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/samuli/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/samuli/.gnupg/secring.gpg' created
gpg: keyring `/home/samuli/.gnupg/pubring.gpg' created
gpg: /home/samuli/.gnupg/trustdb.gpg: trustdb created
gpg: key 198D22A3: public key "Samuli Seppänen <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1

Then I downloaded and verified the file you mention:

$ wget https://swupdate.openvpn.org/community/releases/openvpn-install-2.3.11-I601-x86_64.exe
$ wget https://swupdate.openvpn.org/community/releases/openvpn-install-2.3.11-I601-x86_64.exe.asc
$ gpg -v --verify openvpn-install-2.3.11-I601-x86_64.exe.asc
gpg: armor header: Version: GnuPG v1
gpg: assuming signed data in `openvpn-install-2.3.11-I601-x86_64.exe'
gpg: Signature made Tue May 10 12:07:26 2016 EEST using DSA key ID 198D22A3
gpg: using PGP trust model
gpg: Good signature from "Samuli Seppänen <[email protected]>"
gpg:                 aka "Samuli Seppänen <[email protected]>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 0330 0E11 FED1 6F59 715F  9996 C29D 97ED 198D 22A3
gpg: binary signature, digest algorithm SHA1

In particular:

gpg: Good signature from "Samuli Seppänen <[email protected]>"
gpg:                 aka "Samuli Seppänen <[email protected]>"

We've had quite a few issues with various GnuPG frontends being confused 
about the signatures we provide. Plain command-line GnuPG has always 
been more reliable.

Best regards,
-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock



------------------------------------------------------------------------------
_______________________________________________
Openvpn-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-users
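
The command-line check shown in the message above, as an added example that is not part of the original message or of OpenVPN's tooling: it reads gpg's machine-readable `--status-fd` lines instead of a frontend's summary, and accepts the file only if the good signature comes from the fingerprint printed in that output. The function names and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: judge the result from gpg's --status-fd lines and pin
# the signer's fingerprint. Function names are hypothetical.

# Primary key fingerprint as printed in the message above, spaces removed.
EXPECTED_FPR=03300E11FED16F59715F9996C29D97ED198D22A3

# sig_ok FPR: reads `gpg --status-fd 1 --verify ...` output on stdin.
# Succeeds only for a good signature whose signing or primary key has
# fingerprint FPR, with no bad/expired/revoked/error status present.
# TRUST_UNDEFINED (the "not certified" warning) does not fail the check.
sig_ok() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 == "GOODSIG" { good = 1 }
        $2 == "VALIDSIG" && ($3 == want || $NF == want) { pinned = 1 }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        END { exit !(good && pinned && !bad) }'
}

# verify_file SIGNATURE FILE: run gpg and apply the check above.
verify_file() {
    gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null | sig_ok "$EXPECTED_FPR"
}

# Constructed status output for three cases (not captured from a real run).
sample_good() {
    cat <<'EOF'
[GNUPG:] GOODSIG C29D97ED198D22A3 constructed-user-id
[GNUPG:] VALIDSIG 03300E11FED16F59715F9996C29D97ED198D22A3 2016-05-10 1462871246 0 4 0 17 2 00 03300E11FED16F59715F9996C29D97ED198D22A3
[GNUPG:] TRUST_UNDEFINED
EOF
}
sample_other_key() {
    cat <<'EOF'
[GNUPG:] GOODSIG AAAAAAAAAAAAAAAA constructed-user-id
[GNUPG:] VALIDSIG AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 2016-05-10 1462871246 0 4 0 17 2 00 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
EOF
}
sample_bad() {
    echo '[GNUPG:] BADSIG C29D97ED198D22A3 constructed-user-id'
}

# Usage: sh check.sh FILE.asc FILE
if [ "$#" -eq 2 ]; then
    verify_file "$1" "$2" && echo "OK: good signature from pinned key" \
        || echo "FAIL: do not install"
fi
```

The fingerprint pin is only as good as the channel it was obtained from, so compare it against a copy received independently of the download.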