Mailing List Archive: Signatures on GnuPG

Signatures on GnuPG

Apr 20, 2000, 11:11 PM

Post #1 of 5 (722 views)

HI there,
I am interested in using this nice looking software, but I see some
problems with
teh signatures. The key I down loaded from the web site is this
1024D/57548DCD 1998-07-07 Werner Koch (gnupg sig) <dd9jn@gnu.org>
that is from your web site (official GnuPG).

I am puzzled to find that the rpm's that I down load are signed with
"pg: Signature made Mon Jan 17 04:21:20 2000 EST using DSA key ID
3DCB0CDC."

Any suggestions? Where is this other key available? Why the
discrepancy?

Thanks,

Matt

Re: Signatures on GnuPG [ In reply to ]

ftobin at uiuc

Apr 20, 2000, 11:54 PM

Post #2 of 5 (723 views)

Permalink

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Matt Red, at 06:11 -0000 on Fri, 21 Apr 2000, wrote:

> I am puzzled to find that the rpm's that I down load are signed with
> "pg: Signature made Mon Jan 17 04:21:20 2000 EST using DSA key ID
> 3DCB0CDC."

Werner doesn't do the RPM's; he signs the source. The key you are
referring to is most likely the RPM builder's key.

- --
Frank Tobin http://www.uiuc.edu/~ftobin/

"To learn what is good and what is to be valued,
those truths which cannot be shaken or changed." Myst: The Book of Atrus

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (FreeBSD)
Comment: pgpenvelope - http://pgpenvelope.sourceforge.net/

iEYEARECAAYFAjj/+1kACgkQVv/RCiYMT6M+DgCfUQb7jdbQJl3vc14+tEqRtxvK
tj8An21sesXg5nEsM/P0yWJTPpcAi2uR
=NM5q
-----END PGP SIGNATURE-----

Re: Signatures on GnuPG [ In reply to ]

drew at cesspool

Apr 21, 2000, 8:54 AM

Post #3 of 5 (717 views)

Permalink

On Fri, Apr 21, 2000 at 01:54:58AM -0500, Frank Tobin wrote:
> Matt Red, at 06:11 -0000 on Fri, 21 Apr 2000, wrote:
>
> > I am puzzled to find that the rpm's that I down load are signed with
> > "pg: Signature made Mon Jan 17 04:21:20 2000 EST using DSA key ID
> > 3DCB0CDC."
>
> Werner doesn't do the RPM's; he signs the source. The key you are
> referring to is most likely the RPM builder's key.

Which, for what it's worth, is available on the keyservers:

$ gpg --recv-keys 3DCB0CDC
gpg: requesting key 3DCB0CDC from wwwkeys.us.pgp.net ...
gpg: key 3DCB0CDC: public key imported
gpg: Total number processed: 1
gpg: imported: 1
$ gpg --list-keys 3DCB0CDC
pub 1024D/3DCB0CDC 1998-10-13 Fabio Coatti (Cova) <cova@felix.unife.it>
sub 2048g/2C83DFED 1998-10-13

You'll need a "keyserver" line in your .gnupg/options file for this.

--
Drew Bloechl
drew@cesspool.net

Re: Signatures on GnuPG [ In reply to ]

Pierre-Henri.Senesi at taloa

Apr 21, 2000, 2:07 PM

Post #4 of 5 (723 views)

Permalink

I am tired of receiving dozens of messages of this list.

I tried many times to unsubscribe. The mailing system does not work
properly
and the owner of the list (Lord of the Lists <listmaster@gnupg.org>)
explains
me that I am not subscribed. It appears now to me as harassment.

If everybody from the list reads this message he will probably
understand his
mistake and maybe do his duty.

Drew Bloechl wrote:

> On Fri, Apr 21, 2000 at 01:54:58AM -0500, Frank Tobin wrote:
> > Matt Red, at 06:11 -0000 on Fri, 21 Apr 2000, wrote:
> >
> > > I am puzzled to find that the rpm's that I down load are signed with
> > > "pg: Signature made Mon Jan 17 04:21:20 2000 EST using DSA key ID
> > > 3DCB0CDC."
> >
> > Werner doesn't do the RPM's; he signs the source. The key you are
> > referring to is most likely the RPM builder's key.
>
> Which, for what it's worth, is available on the keyservers:
>
> $ gpg --recv-keys 3DCB0CDC
> gpg: requesting key 3DCB0CDC from wwwkeys.us.pgp.net ...
> gpg: key 3DCB0CDC: public key imported
> gpg: Total number processed: 1
> gpg: imported: 1
> $ gpg --list-keys 3DCB0CDC
> pub 1024D/3DCB0CDC 1998-10-13 Fabio Coatti (Cova) <cova@felix.unife.it>
> sub 2048g/2C83DFED 1998-10-13
>
> You'll need a "keyserver" line in your .gnupg/options file for this.
>
> --
> Drew Bloechl
> drew@cesspool.net
>
> ------------------------------------------------------------------------
> Part 1.2Type: application/pgp-signature

Re: Signatures on GnuPG [ In reply to ]

cova at ferrara

Apr 22, 2000, 9:20 AM

Post #5 of 5 (716 views)

Permalink

On Fri, Apr 21, 2000 at 08:54:29AM -0700, Drew Bloechl wrote:
> On Fri, Apr 21, 2000 at 01:54:58AM -0500, Frank Tobin wrote:
> > Matt Red, at 06:11 -0000 on Fri, 21 Apr 2000, wrote:
> >
> > > I am puzzled to find that the rpm's that I down load are signed with
> > > "pg: Signature made Mon Jan 17 04:21:20 2000 EST using DSA key ID
> > > 3DCB0CDC."
> >
> > Werner doesn't do the RPM's; he signs the source. The key you are
> > referring to is most likely the RPM builder's key.
>
> Which, for what it's worth, is available on the keyservers:
>
> $ gpg --recv-keys 3DCB0CDC
> gpg: requesting key 3DCB0CDC from wwwkeys.us.pgp.net ...
> gpg: key 3DCB0CDC: public key imported
> gpg: Total number processed: 1
> gpg: imported: 1
> $ gpg --list-keys 3DCB0CDC
> pub 1024D/3DCB0CDC 1998-10-13 Fabio Coatti (Cova) <cova@felix.unife.it>
> sub 2048g/2C83DFED 1998-10-13

Yes, I can confirm this, the signature is mine :))

--
Fabio Coatti http://www.ferrara.linux.it/members/cova
Ferrara Linux Users Group http://ferrara.linux.it
GnuPG fp:6AB9 277E 9AA7 9D20 E82C 9EE7 2D17 E351 3DCB 0CDC
Old SysOps never die... they simply forget their password.