On 27/10/2017 08:20, Lefty wrote: > Hi all, > > I recently downloaded the openvpn-install-2.4.4-I601.exe Windows > installer, along with the openvpn-install-2.4.4-I601.exe.asc signature file. > > I imported Samuli's new key ( fingerprint 6D04 F8F1 B017 3111 F499 795E > 2958 4D9F 4086 4578). > When I run PGP I get the following output: > > gpg: armor header: Version: GnuPG v1 > gpg: assuming signed data in 'openvpn-install-2.4.4-I601.exe' > gpg: Signature made 09/26/17 06:19:55 Pacific Daylight Time > gpg: using RSA key D72AF3448CC2B034 > gpg: Can't check signature: No public key > > It appears the installer has been signed with the "Security Mailing List > GPG Key" instead of the key described on the sig page. > > Am I doing the verification wrong? > Any suggestions much appreciated! > > -Lefty >
Hi, There's a link to the Security Mailing List key on the GnuPG public key page: <https://openvpn.net/index.php/open-source/documentation/sig.html> As mentioned on that page the Security Mailing List key has been used to sign releases from 2.3.16 and 2.4.3 onwards. I hope we don't have to shuffle the keys anymore in the near future. -- Samuli Seppänen Community Manager OpenVPN Technologies, Inc irc freenode net: mattock ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
