[kde-doc-english] Kleopatra signature validation question
Michael Skiba
mailinglist at michael-skiba.de
Sun Feb 5 11:52:50 UTC 2012
Hi Mike,
at first: This is a mailinglist for people writing documentation for KDE - not
a support list, there are other ones :) [0]
> However, when I look this signature up using the "Lookup Certificates on
> Server" button, or when using an independent website, it looks like a valid
> signature. Am I doing something wrong? This doesn't make sense to me. Do I
> need to do something else, or is this an invalid signature?
Frankly I don't use Kleopatra, so I can't tell you. However I'll show you how
you'd to it via the commandline.
First you download the file you want + it's signature, just as you did. Then
you import the keys from the URL (I think there was a description in it, but
in general you download it and use "gpg --import _file_withkeys_" (you can also
use "gpg --recv-keys _keyID_")
You need to do that step, to verify the signature. Now you can exactly that
by: "gpg --verify apache-ant-1.8.2-bin.zip.asc apache-ant-1.8.2-bin.zip"
This should give you a message like this one:
gpg: Signature made Mon Dec 20 19:50:22 2010 CET using RSA key ID 82A7FBCD
gpg: Good signature from "Antoine Levy-Lambert (CODE SIGNING KEY)
<antoine at apache.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 0BAD E59B 0EC2 4E68 C03C A481 5EFA D9FE 82A7 FBCD
Which basicly explains itself. The Signature fit's the key, though you don't
really know if Antoine Levy-Lambert is really who he claims he is. You'd need
to participate in the web of trust to get rid of that, but you can write me a
personal email if you want to know more about that.
Regards,
Michael
[0] http://kde.org/support/mailinglists/ [the kde one is the the right one]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kde-doc-english/attachments/20120205/663c8d82/attachment.sig>
More information about the kde-doc-english
mailing list