Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. GnuPG>
  3. users
nPth signature
gnupg-users at gnupg
Aug 11, 2023, 7:45 PM
Post #1 of 3 (172 views)
Permalink
Hi gnupg-users,

I think that nPth is might be signed with an expired signature.
Is this a problem?

Thanks!

P.S.
I downloaded from https://gnupg.org/ftp/gcrypt/npth/npth-1.6.tar.bz2 and https://gnupg.org/ftp/gcrypt/npth/npth-1.6.tar.bz2.sig

This is what I see when I run

> gpg —-verify npth-1.6.tar.bz2.sig

When I run with a trusted gpg.


gpg: assuming signed data in 'npth-1.6.tar.bz2'
gpg: Signature made Mon Jul 16 07:37:23 2018 UTC
gpg: using RSA key D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
gpg: Good signature from "Werner Koch (dist sig)" [expired]
gpg: Note: This key has expired!
Primary key fingerprint: D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6
Re: nPth signature [ In reply to ]
gnupg-users at gnupg
Aug 11, 2023, 11:09 PM
Post #2 of 3 (172 views)
Permalink
Hi,
On 2023/08/12 11:45, Daniel Rostovtsev via Gnupg-users wrote:
> I think that nPth is might be signed with an expired signature.
>
> Is this a problem?

No problem.

> I downloaded from https://gnupg.org/ftp/gcrypt/npth/npth-1.6.tar.bz2
> <https://gnupg.org/ftp/gcrypt/npth/npth-1.6.tar.bz2> and
> https://gnupg.org/ftp/gcrypt/npth/npth-1.6.tar.bz2.sig
> <https://gnupg.org/ftp/gcrypt/npth/npth-1.6.tar.bz2.sig>
>
>
> This is what I see when I run
>
>
> > gpg —-verify npth-1.6.tar.bz2.sig
>
>
> When I run with a trusted gpg.
>
>
>
> gpg: assuming signed data in 'npth-1.6.tar.bz2'
>
> gpg: Signature made Mon Jul 16 07:37:23 2018 UTC
>
> gpg:                using RSA key D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
>
> gpg: Good signature from "Werner Koch (dist sig)" [expired]
>
> gpg: Note: This key has expired!
>
> Primary key fingerprint: D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25 E3B6

The release date of nPth 1.6 is 2018-07-16 and the files were signed on
the same day.
On 2018-07-16, the key D8692123C4065DEA5E0F3AB5249B39D24F25E3B6 was
valid and not expired yet.

--
Kosuke Kaizuka <cai.0407@gmail.com>

Attached Files:

RE: nPth signature [ In reply to ]
gnupg-users at gnupg
Aug 11, 2023, 11:09 PM
Post #3 of 3 (172 views)
Permalink
On 2023-08-12 10:45, Daniel Rostovtsev via Gnupg-users wrote?
> Hi gnupg-users,
>
> I think that nPth is might be signed with an expired signature.
> Is this a problem?
>
> Thanks!
>
> P.S.
> I downloaded from https://gnupg.org/ftp/gcrypt/npth/npth-1.6.tar.bz2 and https://gnupg.org/ftp/gcrypt/npth/npth-1.6.tar.bz2.sig
> This is what I see when I run
>
>> gpg ---verify npth-1.6.tar.bz2.sig
>
> When I run with a trusted gpg.
>
> gpg: assuming signed data in 'npth-1.6.tar.bz2'
> gpg: Signature made Mon Jul 16 07:37:23 2018 UTC
> gpg: using RSA key D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
> gpg: Good signature from "Werner Koch (dist sig)" [expired]
> gpg: Note: This key has expired!
> Primary key fingerprint: D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6

Here's a note about these old expired keys: https://www.gnupg.org/signature_key.html
The key with fingerprint 4F25 E3B6 is not listed on that page, but I checked that it is indeed
included in that old public key block: https://gnupg.org/devel/old-signature-keys.asc

Attached Files:

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal