16.04.2012 07:12, Michael Talbot-Wilson kirjoitti: > Found nothing in the FAQ on this. > > I thought I'd start using gnupg, got the latest version and went > > gpg --verify gnupg-2.0.19.tar.bz2.sig gnupg-2.0.19.tar.bz2 > > Result: > > gpg: Signature made Tue 27 Mar 2012 19:33:35 CST using RSA key ID > 4F25E3B6 > gpg: Good signature from "Werner Koch (dist sig)" > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the > owner. > Primary key fingerprint: D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 > E3B6 > > Just wondering who is masquerading as a guy named Werner Koch and > necessarily using an untrusted key. Maybe my named has been got at > and I'm not getting gnupg-2.0.19.tar.bz2 from where I think, right? > What is the IP address of the genuine site, can anyone tell me? > > Hum. Found the same re the character who supposedly signed GNU Hello, > one Karl Something-or-other. Same problem, someone faking his > identity...? (Assuming he exists, of course.) Is this normal? Why > the capitalized WARNING if it's normal? What's going on? A newbie'd > like to know. > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users
That warning means that you (or person whose key you have signed) hasn't signed that key. See also http://www.cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html#reason_examples I hope that this helps. -- Mika Suomalainen gpg --keyserver pool.sks-keyservers.net --recv-keys 4DB53CFE82A46728 Key fingerprint = 24BC 1573 B8EE D666 D10A AA65 4DB5 3CFE 82A4 6728
0x82A46728.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
