Hi Yishay, Okay here it goes...
I got the KEYS file by saving this url... https://downloads.apache.org/royale/KEYS there was 13 i imported. gpg --import KEYS https://dlcdn.apache.org/royale/0.9.12/binaries/ from the link above i got the asc it would have been like this gpg --verify *.asc *.filename the sum didnt check out either am i doing it the right way? thanks so much for helping Yishay. I will look at the other question you followed up on shortly. I can't wait to start project. I am speeding along and not worrying about .asc someone at apache said i would probably be okay with the binary link on the site but i always try to check at least. you have the coolest name ever -Yishay. I watch what goes on in Israel with great intent. turbulent times... I pray for peace one day. I will check back soon. THANKS :-) j. gpg --list-keys /home/funnysys/.gnupg/pubring.kbx --------------------------------- pub rsa4096 2012-08-19 [SC] BC1CAA3B706B8AB2B90153285C2B8102C1708693 uid [ unknown] OmPrakash Muppirala (CODE SIGNING KEY) <bigosma...@apache.org> sub rsa4096 2012-08-19 [E] pub rsa2048 2012-08-24 [SCEA] [expired: 2016-08-24] 17D73FA2308E1C1E8154D51300397EFE935E15AF uid [ expired] Erik de Bruin <erikdebr...@apache.org> pub rsa4096 2013-03-09 [SC] CEB8E6C7AEE265E474C7A23DEB3C3109458BCC72 uid [ unknown] Frédéric THOMAS <ftho...@apache.org> sub rsa4096 2013-03-09 [E] pub rsa4096 2013-12-17 [SC] E7F7B7D4944CAC457A14C0E983E0431CDA9CCFF2 uid [ unknown] Alex Harui (CODE SIGNING KEY) <aha...@apache.org> sub rsa4096 2013-12-17 [E] pub rsa4096 2016-09-09 [SC] B7150E7C5D9D4213DE83F1BE37479EAAEDF6613E uid [ unknown] Josh Tynjala (CODE SIGNING KEY) <joshtynj...@apache.org> sub rsa4096 2016-09-09 [E] pub rsa4096 2017-06-17 [SC] 44998F3E242727E94C4BADEB6B0A7EC905061FC8 uid [ unknown] Piotr Zarzycki (CODE SIGNING KEY) <pio...@apache.org> sub rsa4096 2017-06-17 [E] pub rsa2048 2020-03-23 [SC] [expired: 2022-03-23] 2C79787631929B6CE2079E4C45DA0752EA244F1B uid [ expired] Carlos Rovira <carlosrov...@apache.org> pub rsa2048 2020-04-13 [SC] [expired: 2022-04-13] A24666ECC40403A69143711898869FAC4B94469F uid [ expired] Yishay Weiss <yishayj...@hotmail.com> pub rsa4096 2020-04-13 [SC] [expires: 2025-04-12] FA6915D4A310509FD94AABA380CC74294C859089 uid [ unknown] Yishay Weiss (CODE SIGNING KEY) <yishayj...@hotmail.com> sub rsa4096 2020-04-13 [E] [expires: 2025-04-12] pub rsa4096 2015-11-08 [SC] [expired: 2019-11-08] 847B1CD324332313D41E4B2FEED39F7E300119C8 uid [ expired] Gavriel Harbater <ha...@apache.org> pub rsa4096 2020-07-09 [SC] [expired: 2024-07-09] 816F41010247D30334A1B93C64972753CED28A60 uid [ expired] Harbs <ha...@apache.org> pub rsa4096 2021-04-02 [SC] [expires: 2026-04-02] F4CE36E979325A6221706DB0E86EF353F54FE093 uid [ unknown] Yishay Weiss <yish...@apache.org> sub rsa4096 2021-04-02 [E] [expires: 2026-04-02] pub rsa4096 2021-04-19 [SC] 50888C560BB685563DB33E4DEB7A2F8680DF4F48 uid [ unknown] Joshua Tynjala <joshtynj...@apache.org> sub rsa4096 2021-04-19 [E] funnysys@funnysys-Inspiron-15-3520:~/Downloads$ gpg --verify apache-royale-0.9.12-bin-js-swf.tar.gz.asc apache-royale-0.9.12-bin-js.tar.gz gpg: Signature made Mon 18 Nov 2024 03:34:56 PM EST gpg: using RSA key F4CE36E979325A6221706DB0E86EF353F54FE093 gpg: BAD signature from "Yishay Weiss <yish...@apache.org>" [unknown] sha512sum apache-royale-0.9.12-bin-js-swf.tar.gz.sha512 4f68af3486fef9cb1cdddfcfe5c6c6319d257f38c42342a8819df1d9de9eb1546a9bde94c6bcabcfab82da873e6ef90d6ea6bf6214d28e30c4182b70f1c69a61 apache-royale-0.9.12-bin-js-swf.tar.gz.sha512not sure what to compare that to because there is no sum listed. thanks, bye On Monday, March 24th, 2025 at 3:29 AM, Yishay Weiss <yishayj...@hotmail.com> wrote: > Can you please clarify how you checked the signatures? > > --------------------------------------------------------------- > > From: Jim McNamara <jmcnamara10...@proton.me> > Sent: Thursday, March 20, 2025 3:44 PM > To: users@royale.apache.org <users@royale.apache.org> > Subject: please help with .asc key matching signature > > Hi Yishay and Hiedra- > > I may have misdirected my post earlier to the github site. > > Is there anyway you can check on the links for the binary download on the > main royale site (royale.apache.org) for v9.12 and see that it matches the > key from the apache KEYS file? > > I tried and got a bad signature today for both the source and the binary for > v9.12. > > thanks for any cool help you can render. > > and hiedra ...i will try to work around the issues with the tour de jewel as > best I can. > > I know ya'll are busy. > > thanks, > j. > > Sent with Proton Mail secure email.
