LinuxQuestions.org


verbose 06-01-2005 04:47 AM

gpg: public key not found
 
I'm trying to get gpg to compare a signature file with the respective file.

gpg --verify *.tar.gz.asc *.tar.gz

Output:
gpg: Signature made Sat 29 Jan 2005 07:12:53 PM EST using DSA key ID CD706369
gpg: Can't check signature: public key not found

I know I have to import a public key but I don't know where to obtain this file and I've found very little information describing what to do.

I'm sure there is a simple resolution to this dilemma.
Thanks

infinity42 06-01-2005 05:25 AM

Where did you get the .tar.gz from? Check their website for their public key, should be on there somewhere. Then you can import it into gpg. I don't remember how, as I started using the GPA front end (http://www.gnupg.org/(en)/related_so...gpa/index.html) - simple and gets the job done. You might want to try it.

Hope that helps

verbose 06-01-2005 03:51 PM

I will have to look around the site... thanks.
"gpg --import *.asc" is how you import it into the public keyring.

I normally like to stick with non-GUI solutions. However, I've been looking at Seahorse a little bit, which is also a frontend to GPG. I haven't heard of GPA, as I've had very little experience with GPG at this point, but it looks nice.

I found the pubkey for dnspython and have imported it. It would have been staring me right in the face if I had looked for it in the appropriate place.

Here's the output:
gpg: Signature made Sat 29 Jan 2005 07:12:53 PM EST using DSA key ID CD706369
gpg: Good signature from "Bob Halley <halley@dnspython.org>"
gpg: Note: This key has expired!
Primary key fingerprint: 3E0C 63DB 06DE BFD9 B2FE A75B 75E0 3544 CD70 6369


I'm assuming it worked then...

I'm assuming there must be some way to list all imported pubkeys without the use of a nice GUI like Seahorse. The manpage for gpg is enormous.

slackDope 12-31-2009 02:16 PM

Thanks for the gpg key import tip!

sundialsvcs 12-31-2009 03:00 PM

Yes, indeed.

For those of you in the peanut gallery: systems like GPG use an encryption scheme in which there's a pair of keys. Anything encrypted with one can only be decrypted with the other and vice-versa.

A file is "signed" by generating some mathematical function result based on the document, then encrypting it using your private key. Anyone who has the corresponding public key can decrypt this result and compare it to their own result: if the two are the same, the signature is considered good.

GPG provides various "key servers" which are used to store public keys. The keys are filed by number. Key servers are used to store private keys only by idiots.
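
Added example, not written by any poster in this thread: the output quoted earlier shows a good signature made by an expired key that is identified only by the short key ID CD706369. The script below classifies gpg's machine-readable --status-fd output and requires the full primary key fingerprint printed in the thread; the function names, verdict strings and sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Fingerprint is the one printed in the thread, spaces removed.
PINNED_FPR=3E0C63DB06DEBFD9B2FEA75B75E03544CD706369

# Read gpg --status-fd lines on stdin and print one verdict.
# $1 = fingerprint the signing key's primary key must have.
classify_status() {
    awk -v want="$1" '
        $1 != "[GNUPG:]"   { next }
        $2 == "BADSIG"     { bad = 1 }
        $2 == "NO_PUBKEY"  { nokey = 1 }
        $2 == "EXPKEYSIG"  { expired = 1 }
        $2 == "REVKEYSIG"  { revoked = 1 }
        # VALIDSIG: field 3 is the signing (sub)key, field 12 the primary key.
        $2 == "VALIDSIG"   { valid = 1; fpr = (NF >= 12 ? $12 : $3) }
        END {
            if (bad)                                print "bad-signature"
            else if (nokey)                         print "no-public-key"
            else if (!valid)                        print "not-verified"
            else if (toupper(fpr) != toupper(want)) print "wrong-key"
            else if (revoked)                       print "good-but-key-revoked"
            else if (expired)                       print "good-but-key-expired"
            else                                    print "good"
        }'
}

# Real use: verify_pinned file.tar.gz.asc file.tar.gz
verify_pinned() {
    gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null |
        classify_status "$PINNED_FPR"
}

# Constructed status output (numeric fields are illustrative).
sample_expired() { cat <<'EOF'
[GNUPG:] EXPKEYSIG 75E03544CD706369 Bob Halley <halley@dnspython.org>
[GNUPG:] VALIDSIG 3E0C63DB06DEBFD9B2FEA75B75E03544CD706369 2005-01-30 1107043973 0 3 0 17 2 00 3E0C63DB06DEBFD9B2FEA75B75E03544CD706369
EOF
}
sample_nokey() { cat <<'EOF'
[GNUPG:] ERRSIG 75E03544CD706369 17 2 00 1107043973 9
[GNUPG:] NO_PUBKEY 75E03544CD706369
EOF
}
# Different key whose short ID is also CD706369 (constructed fingerprint).
sample_lookalike() { cat <<'EOF'
[GNUPG:] GOODSIG AAAAAAAACD706369 Constructed User <user@example.invalid>
[GNUPG:] VALIDSIG AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACD706369 2005-01-30 1107043973 0 3 0 17 2 00 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACD706369
EOF
}

for s in sample_expired sample_nokey sample_lookalike; do
    printf '%s: %s\n' "$s" "$($s | classify_status "$PINNED_FPR")"
done
```

Keys already in the public keyring, with their fingerprints, can be listed with gpg --fingerprint.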


All times are GMT -5.