Web lists-archives.com

Re: Verifying Digital Signatures




HP Garcia [2018-06-10 22:43:33-07] wrote:

> root@Ultraman:/usr/src# gpg2 --verify linux-4.17.tar.sign
> gpg: assuming signed data in 'linux-4.17.tar'
> gpg: Signature made Sun 03 Jun 2018 02:35:54 PM PDT
> gpg:                using RSA key 79BE3E4300411886
                                    ^^^^^^^^^^^^^^^^

> gpg: Can't check signature: No public key
>
> I tried several times trying to import keys belonging to Linus Torvalds
> and Greg Kroah-Hartman. Using this command:
>
> $ gpg2 --locate-keys torvalds@xxxxxxxxxx gregkh@xxxxxxxxxx

Download the key that was used to sign the package: 79BE3E4300411886.

    $ gpg2 --recv-key 79BE3E4300411886

Then the signature should verify nicely.

(Another question is the trust path from you or your key to the key that
was used to sign the package.)

-- 
/// Teemu Likonen   - .-..   <https://keybase.io/tlikonen> //
// PGP: 4E10 55DC 84E9 DFF6 13D7 8557 719D 69D3 2453 9450 ///

Attachment: signature.asc
Description: PGP signature