[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-discuss] How to gpg verify qemu-2.12.0.tar.xz?
|
From: |
Edward Smith |
|
Subject: |
Re: [Qemu-discuss] How to gpg verify qemu-2.12.0.tar.xz? |
|
Date: |
Wed, 20 Jun 2018 01:15:11 -0500 |
Great, thanks Thomas!
Apparently I was missing the 0x3353C9CE prefix from my key search. What is
that exactly?
Also, I got this output from verifying with this key:
gpg: Signature made Tue 24 Apr 2018 12:55:16 PM CDT using RSA key ID
F108B584
gpg: Good signature from "Michael Roth <address@hidden>"
gpg: aka "Michael Roth <address@hidden>"
gpg: aka "Michael Roth <address@hidden>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the
owner.
Primary key fingerprint: CEAC C9E1 5534 EBAB B82D 3FA0 3353 C9CE F108 B584
I take it everything is ok?
(sidebar: I am surprised MIT allows HTTP access to the Public Key Server)
On Wed, Jun 20, 2018 at 12:47 AM Thomas Huth <address@hidden> wrote:
> On 20.06.2018 06:19, Edward Smith wrote:
> > Hello,
> >
> > I downloaded the following files to my Ubuntu machine:
> >
> > Jun 19 22:37 qemu-2.12.0.tar.xz
> > Jun 19 22:37 qemu-2.12.0.tar.xz.sig
> >
> > I then attempted to verify the gpg signature of the qemu-2.12.0.tar.xz
> file
> > and got the following output:
> >
> > gpg: Signature made Tue 24 Apr 2018 12:55:16 PM CDT using RSA key ID
> > F108B584
> > gpg: Can't check signature: public key not found
> >
> > I tried looking for RSA key with the ID F108B584 on the MIT public key
> > server but could not find it.
> >
> > Any ideas?
>
> It should be available on the MIT server:
>
> http://pgp.mit.edu/pks/lookup?op=vindex&search=0x3353C9CEF108B584
>
> HTH,
> Thomas
>