Re: [Duplicity-talk] verifying duplicity-0.7.06.tar.gz.sig

[Kenneth Loafman]

Refreshed the keys on subkeys.pgp.net

...Thanks,

...Ken

On Sat, Dec 19, 2015 at 4:29 AM, Chris Berkhout <address@hidden> wrote:

I'm running into trouble verifying the signature of the latest duplicity release.

$ gpg -vv --verify duplicity-0.7.06.tar.gz.sig

# off=0 ctb=89 tag=2 hlen=3 plen=284

:signature packet: algo 1, keyid 330B3C2A96A9EA9C

        version 4, created 1449489878, md5len 0, sigclass 0x00

        digest algo 2, begin of digest 56 71

        hashed subpkt 2 len 4 (sig created 2015-12-07)

        subpkt 16 len 8 (issuer key ID 330B3C2A96A9EA9C)

        data: [2047 bits]

gpg: assuming signed data in 'duplicity-0.7.06.tar.gz'

gpg: Signature made Mon 07 Dec 2015 23:04:38 AEDT

gpg:                using RSA key 0x330B3C2A96A9EA9C

gpg: Can't check signature: No public key

So, I need the public key for key ID 0x330B3C2A96A9EA9C, but when I try to fetch it it's not found.

$ gpg -vv --recv-keys 330B3C2A96A9EA9C

gpg: keyserver receive failed: No data

Kenneth Loafman sent the release announcement, but none of the keys I find with that name match the one used in the signature.

Who signed it and how can I get their public key?

Cheers,

Chris

_______________________________________________
Duplicity-talk mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/duplicity-talk