Re: [Openvpn-users] OpenVPN 2.4.9 released

Simon Deziel Thu, 23 Apr 2020 10:57:10 -0700

On 2020-04-21 1:41 p.m., David Sommerseth wrote:
> On 21/04/2020 18:32, Simon Deziel wrote:
>> Hello,
>>
>> I cannot validate the Windows exe files [1] and [2] using the key
>> advertised in [3].
>>
>> $ gpg --verify openvpn-install-2.4.9-I601-Win7.exe.asc
>> gpg: assuming signed data in 'openvpn-install-2.4.9-I601-Win7.exe'
>> gpg: Signature made Fri 17 Apr 2020 07:25:11 AM EDT
>> gpg:                using RSA key 333D46306CF9D9F1F630DB8D96AEC408005D6BB4
>> gpg: Can't check signature: No public key
>>
>> $ gpg --verify openvpn-install-2.4.9-I601-Win10.exe.asc
>> gpg: assuming signed data in 'openvpn-install-2.4.9-I601-Win10.exe'
>> gpg: Signature made Fri 17 Apr 2020 07:25:00 AM EDT
>> gpg:                using RSA key 333D46306CF9D9F1F630DB8D96AEC408005D6BB4
>> gpg: Can't check signature: No public key
>>
>>
>> $ gpg --list-keys F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7
>> pub   rsa4096/0x12F5F7B42F2B01E7 2017-02-09 [SC] [expires: 2027-02-07]
>>       Key fingerprint = F554 A368 7412 CFFE BDEF  E0A3 12F5 F7B4 2F2B 01E7
>> uid                   [ unknown] OpenVPN - Security Mailing List
>> <secur...@openvpn.net>
>>
>>
>> Did I download the right files?
>>
>> $ sha256sum openvpn-install-2.4.9-I601-Win*
>> 4f95a674c3ffafd85062df995a182cfb57ca56d96084472a48a65c546c815f0c
>> openvpn-install-2.4.9-I601-Win10.exe
>> 340a6b917c5358a18e4ed283669e8d59073720184dba2d1f2965512c9cac18ad
>> openvpn-install-2.4.9-I601-Win10.exe.asc
>> 495754e6f3e40a056b947d496729f3ba78aaf0458d80ff08991c27bddf386139
>> openvpn-install-2.4.9-I601-Win7.exe
>> b15e4b34756446589cc609d5d08fe5daba98c34463135b7abfab1538722c4c4e
>> openvpn-install-2.4.9-I601-Win7.exe.asc
> 
> 
> Try refreshing the PGP keys.  We pushed out new keys in early March, but seems
> the web page was not updated.
> 
>     $ gpg --refresh-keys F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7
> 
> This should do the proper key update and the verification should work just
> fine.  We always publish the security public key to key servers whenever they
> are updated.


I tried all the above and even did so in a fresh container. The subkey
333D46306CF9D9F1F630DB8D96AEC408005D6BB4 simply not there:

$ gpg --edit-key F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7
gpg (GnuPG) 2.2.19; Copyright (C) 2019 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


pub  rsa4096/12F5F7B42F2B01E7
     created: 2017-02-09  expires: 2027-02-07  usage: SC
     trust: unknown       validity: unknown
The following key was revoked on 2019-02-04 by RSA key 12F5F7B42F2B01E7
OpenVPN - Security Mailing List <secur...@openvpn.net>
sub  rsa4096/F80E8008F6D9F8D7
     created: 2017-02-09  revoked: 2019-02-04  usage: E
The following key was revoked on 2019-02-04 by RSA key 12F5F7B42F2B01E7
OpenVPN - Security Mailing List <secur...@openvpn.net>
sub  rsa4096/D72AF3448CC2B034
     created: 2017-02-09  revoked: 2019-02-04  usage: S
sub  rsa4096/5DC351805ACFEAC6
     created: 2019-02-04  expired: 2020-03-09  usage: S
sub  rsa4096/865CD44C3FEA78DB
     created: 2019-02-04  expired: 2020-03-09  usage: E
sub  rsa4096/0A24DFCF907F94CF
     created: 2018-03-07  expired: 2019-03-07  usage: E
sub  rsa4096/F132B1CBAF131CAE
     created: 2018-03-07  expired: 2019-03-07  usage: S
[ unknown] (1). OpenVPN - Security Mailing List <secur...@openvpn.net>

Simon


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Re: [Openvpn-users] OpenVPN 2.4.9 released

Reply via email to