[kde-doc-english] Kleopatra signature validation question

Michael Skiba mailinglist at michael-skiba.de
Sun Feb 5 11:52:50 UTC 2012


Hi Mike,

First of all: this is a mailing list for people writing documentation for KDE - not 
a support list, there are other ones :) [0]

> However, when I look this signature up using the "Lookup Certificates on
> Server" button, or when using an independent website, it looks like a valid
> signature. Am I doing something wrong? This doesn't make sense to me. Do I
> need to do something else, or is this an invalid signature? 
Frankly I don't use Kleopatra, so I can't tell you. However, I'll show you how 
you'd do it via the command line.

First you download the file you want + its signature, just as you did. Then 
you import the keys from the URL (I think there was a description in it, but 
in general you download it and use "gpg --import _file_withkeys_"; you can also 
use "gpg --recv-keys _keyID_").

You need to do that step to verify the signature. Now you can do exactly that 
with: "gpg --verify apache-ant-1.8.2-bin.zip.asc apache-ant-1.8.2-bin.zip"

This should give you a message like this one:
gpg: Signature made Mon Dec 20 19:50:22 2010 CET using RSA key ID 82A7FBCD
gpg: Good signature from "Antoine Levy-Lambert (CODE SIGNING KEY) <antoine at apache.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 0BAD E59B 0EC2 4E68 C03C  A481 5EFA D9FE 82A7 FBCD

Which basically explains itself. The signature fits the key, though you don't 
really know if Antoine Levy-Lambert is really who he claims he is. You'd need 
to participate in the web of trust to get rid of that, but you can write me a 
personal email if you want to know more about that.

Regards,
Michael

[0] http://kde.org/support/mailinglists/  [the kde one is the right one]
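
Added example, not part of the original mail: without the web of trust, the "Good signature" line only means something once the primary key fingerprint is compared with one obtained from the project through a separate channel. The sketch below does that comparison on gpg's machine-readable `--status-fd` output; the function names and the sample status lines are constructed for illustration (the fingerprint is the one shown in the output above, the timestamp and algorithm fields are made up).

```shell
#!/bin/sh
# Normalise a fingerprint: drop spaces, upper-case the hex digits.
norm_fpr() { printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'; }

# check_status EXPECTED_FPR  -- reads "gpg --status-fd" lines on stdin.
# Succeeds only if exactly one VALIDSIG is present, its primary key
# fingerprint (last field) equals EXPECTED_FPR, and no failure status occurs.
check_status() {
    want=$(norm_fpr "$1")
    awk -v want="$want" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" { seen++; if ($NF == want) match_ok = 1 }
        END { exit !(seen == 1 && match_ok && !bad) }
    '
}

# verify_pinned FILE.asc FILE EXPECTED_FPR  -- runs the real gpg check.
# Status lines go to stdout (fd 1); the human-readable text on stderr is dropped.
verify_pinned() {
    gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null | check_status "$3"
}

# Constructed status output for a good signature from a key with no trust path
# (the machine-readable form of the WARNING shown in the mail).
sample_good() {
    cat <<'EOF'
[GNUPG:] GOODSIG 5EFAD9FE82A7FBCD Antoine Levy-Lambert (CODE SIGNING KEY) <antoine at apache.org>
[GNUPG:] VALIDSIG 0BADE59B0EC24E68C03CA4815EFAD9FE82A7FBCD 2010-12-20 1292871022 0 4 0 1 2 00 0BADE59B0EC24E68C03CA4815EFAD9FE82A7FBCD
[GNUPG:] TRUST_UNDEFINED 0 pgp
EOF
}

# Constructed status output for a file that was modified after signing.
sample_bad() {
    cat <<'EOF'
[GNUPG:] BADSIG 5EFAD9FE82A7FBCD Antoine Levy-Lambert (CODE SIGNING KEY) <antoine at apache.org>
EOF
}

# Offline demonstration on the constructed sample.
sample_good | check_status "0BAD E59B 0EC2 4E68 C03C  A481 5EFA D9FE 82A7 FBCD" \
    && echo "signature valid and made by the pinned key"
```

Against the real download this would be called as `verify_pinned apache-ant-1.8.2-bin.zip.asc apache-ant-1.8.2-bin.zip "<fingerprint from a trusted source>"`.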