I did the following however I don't know how to get rid of the warning, (Any help appreciated)
~/Downloads ❯ gpg --list-keys ~/Downloads ❯ gpg --keyserver ipv4.pool.sks-keyservers.net --search-keys "Philip Hazel" gpg: data source: http://4.35.226.103:11371 (1) Philip Hazel <p...@hermes.cam.ac.uk> 2048 bit RSA key A4C4952AFB0F43D8, created: 2014-06-16 (revoked) (2) Philip Hazel <p...@cam.ac.uk> Philip Hazel <p...@cus.cam.ac.uk> Philip Hazel <p...@hermes.cam.ac.uk> 2048 bit RSA key 9766E084FB0F43D8, created: 2002-10-21 Keys 1-2 of 2 for "Philip Hazel". Enter number(s), N)ext, or Q)uit > 2 gpg: key 9766E084FB0F43D8: 1 duplicate signature removed gpg: key 9766E084FB0F43D8: public key "Philip Hazel <p...@hermes.cam.ac.uk>" imported gpg: Total number processed: 1 gpg: imported: 1 ~/Downloads took 4s ❯ gpg --verify pcre2-10.36.zip.sig pcre2-10.36.zip gpg: Signature made Fri Dec 4 06:29:04 2020 PST gpg: using RSA key 45F68D54BBE23FB3039B46E59766E084FB0F43D8 gpg: Good signature from "Philip Hazel <p...@hermes.cam.ac.uk>" [unknown] gpg: aka "Philip Hazel <p...@cam.ac.uk>" [unknown] gpg: aka "Philip Hazel <p...@cus.cam.ac.uk>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 45F6 8D54 BBE2 3FB3 039B 46E5 9766 E084 FB0F 43D8 ================================================================================================ I also tried importing it, but same warning ~/Downloads ❯ gpg --import Public-Key gpg: key 9766E084FB0F43D8: public key "Philip Hazel <p...@cam.ac.uk>" imported gpg: Total number processed: 1 gpg: imported: 1 ~/Downloads ❯ gpg --verify pcre2-10.36.zip.sig pcre2-10.36.zip gpg: Signature made Fri Dec 4 06:29:04 2020 PST gpg: using RSA key 45F68D54BBE23FB3039B46E59766E084FB0F43D8 gpg: Good signature from "Philip Hazel <p...@cam.ac.uk>" [unknown] gpg: aka "Philip Hazel <p...@cus.cam.ac.uk>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 45F6 8D54 BBE2 3FB3 039B 46E5 9766 E084 FB0F 43D8 Thanks Sumonto On Mon, Mar 22, 2021 at 1:11 PM Sumonto Ghosh <sumonto.gh...@gmail.com> wrote: > Hello, > I am trying to verify signature for 10.36 > However none of the public keyservers have the key > I did the following: > > gpg --list-keys > gpg --import Public-Key > gpg --verify pcre2-10.36.zip.sig pcre2-10.36.zip > > Wondering if I could verify the same using a --key-server > > Thanks > Sumonto > -- ## List details at https://lists.exim.org/mailman/listinfo/pcre-dev
