On +2021-02-11 21:37:56 +0100, Ricardo Wurmus wrote: > > Bengt Richter <[email protected]> writes: > > > gpg --verify gwl-0.3.0.tar.gz.sig > > gpg: assuming signed data in 'gwl-0.3.0.tar.gz' > > gpg: Signature made Sat 06 Feb 2021 09:28:59 PM CET > > gpg: using RSA key BCA689B636553801C3C62150197A5888235FACAC > > gpg: Good signature from "Ricardo Wurmus (Work) > > <[email protected]>" [expired] > > gpg: aka "rekado <[email protected]>" [expired] > > ┌──────────────────────────────────┐ > > │ gpg: Note: This key has expired! │ > > └──────────────────────────────────┘ > > You should get a fresh key from keys.openpgp.org > Its expiry is regularly extended. > Thanks for all your Fosdem/guix work first of all, but I expected
--8<---------------cut here---------------start------------->8--- [17:29 ~/bs]$ gpg --keyserver keys.gnupg.net --recv-keys BCA689B636553801C3C62150197A5888235FACAC gpg: key 197A5888235FACAC: 16 signatures not checked due to missing keys ┌───────────────────────────────────────────────────────────────────────────────────────────────┐ │ gpg: key 197A5888235FACAC: "Ricardo Wurmus (Work) <[email protected]>" not changed │ └───────────────────────────────────────────────────────────────────────────────────────────────┘ gpg: Total number processed: 1 gpg: unchanged: 1 --8<---------------cut here---------------end--------------->8--- to give me an updated key, and am left wondering why it didn't :) It seems I have a wrong default for keyserver: --8<---------------cut here---------------start------------->8--- [22:21 ~/bs]$ gpg --refresh-keys gpg: refreshing 6 keys from hkp://hkps.pool.sks-keyservers.net gpg: key 197A5888235FACAC: 14 signatures not checked due to missing keys ┌───────────────────────────────────────────────────────────────────────────────────────────────┐ │ gpg: key 197A5888235FACAC: "Ricardo Wurmus (Work) <[email protected]>" not changed │ └───────────────────────────────────────────────────────────────────────────────────────────────┘ --8<---------------cut here---------------end--------------->8--- Maybe the original advice for getting a key should be extended with the fresh key advice above (preferably the literal gpg command line, my guess re that boxed below). This seems to do it: ┌───────────────────────────────────────────────────────────────────────────────────────┐ │ gpg --recv-keys BCA689B636553801C3C62150197A5888235FACAC --keyserver keys.openpgp.org │ └───────────────────────────────────────────────────────────────────────────────────────┘ (though my first try was "gpg --refresh-keys --keyserver keys.openpgp.org" which only found you for the keys I have). --8<---------------cut here---------------start------------->8--- [22:44 ~/bs]$ gpg --recv-keys BCA689B636553801C3C62150197A5888235FACAC --keyserver keys.openpgp.org gpg: Note: '--keyserver' is not considered an option gpg: "--keyserver" not a key ID: skipping gpg: "keys.openpgp.org" not a key ID: skipping gpg: key 197A5888235FACAC: 16 signatures not checked due to missing keys gpg: key 197A5888235FACAC: "Ricardo Wurmus (Work) <[email protected]>" not changed gpg: Total number processed: 1 gpg: unchanged: 1 --8<---------------cut here---------------end--------------->8--- Now gpg --verify works \o/ :) > > Ricardo -- Regards, Bengt Richter
