I did the following; however, I don't know how to get rid of the warning.
(Any help appreciated.)
~/Downloads ❯ gpg --list-keys
~/Downloads ❯ gpg --keyserver ipv4.pool.sks-keyservers.net --search-keys "Philip Hazel"
gpg: data source: http://4.35.226.103:11371
(1) Philip Hazel <ph10@???>
2048 bit RSA key A4C4952AFB0F43D8, created: 2014-06-16 (revoked)
(2) Philip Hazel <ph10@???>
Philip Hazel <ph10@???>
Philip Hazel <ph10@???>
2048 bit RSA key 9766E084FB0F43D8, created: 2002-10-21
Keys 1-2 of 2 for "Philip Hazel". Enter number(s), N)ext, or Q)uit > 2
gpg: key 9766E084FB0F43D8: 1 duplicate signature removed
gpg: key 9766E084FB0F43D8: public key "Philip Hazel <ph10@???>" imported
gpg: Total number processed: 1
gpg: imported: 1
~/Downloads took 4s ❯ gpg --verify pcre2-10.36.zip.sig pcre2-10.36.zip
gpg: Signature made Fri Dec 4 06:29:04 2020 PST
gpg: using RSA key 45F68D54BBE23FB3039B46E59766E084FB0F43D8
gpg: Good signature from "Philip Hazel <ph10@???>" [unknown]
gpg: aka "Philip Hazel <ph10@???>" [unknown]
gpg: aka "Philip Hazel <ph10@???>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 45F6 8D54 BBE2 3FB3 039B 46E5 9766 E084 FB0F 43D8
================================================================================================
I also tried importing it, but got the same warning:
~/Downloads ❯ gpg --import Public-Key
gpg: key 9766E084FB0F43D8: public key "Philip Hazel <ph10@???>" imported
gpg: Total number processed: 1
gpg: imported: 1
~/Downloads ❯ gpg --verify pcre2-10.36.zip.sig pcre2-10.36.zip
gpg: Signature made Fri Dec 4 06:29:04 2020 PST
gpg: using RSA key 45F68D54BBE23FB3039B46E59766E084FB0F43D8
gpg: Good signature from "Philip Hazel <ph10@???>" [unknown]
gpg: aka "Philip Hazel <ph10@???>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 45F6 8D54 BBE2 3FB3 039B 46E5 9766 E084 FB0F 43D8
Thanks
Sumonto
On Mon, Mar 22, 2021 at 1:11 PM Sumonto Ghosh <sumonto.ghosh@???> wrote:
> Hello,
> I am trying to verify the signature for 10.36.
> However, none of the public keyservers have the key.
> I did the following:
>
> gpg --list-keys
> gpg --import Public-Key
> gpg --verify pcre2-10.36.zip.sig pcre2-10.36.zip
>
> Wondering if I could verify the same using a --key-server
>
> Thanks
> Sumonto
>
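
Added example, not part of the original message and not PCRE2 project code: the [unknown] warning means no key in the local keyring certifies this one, so the check that carries weight is that the signing key's fingerprint equals one obtained through an independent channel. The sketch parses gpg's --status-fd output and accepts only a good signature from the pinned primary key; the function names and the sample status lines are constructed, and the pinned value is the fingerprint printed in the output above, assumed to have been confirmed out of band.

```shell
#!/bin/sh
# Fingerprint as printed in the message above; confirm it through a channel
# that is independent of the download before pinning it (assumption).
PINNED_FPR="45F68D54BBE23FB3039B46E59766E084FB0F43D8"

# Reads `gpg --status-fd 1 --verify ...` output on stdin. Succeeds only when
# gpg reported GOODSIG, every VALIDSIG names the pinned primary key (last
# field), and no bad/expired/revoked status was seen. Hypothetical helper.
signature_from_pinned_key() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 == "GOODSIG"  { good = 1 }
        $2 == "VALIDSIG" { if (toupper($NF) == toupper(want)) match_ok = 1; else reject = 1 }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { reject = 1 }
        END { exit ((good && match_ok && !reject) ? 0 : 1) }
    '
}

# Real use: gpg writes machine-readable status to fd 1, human text to stderr.
verify_release() {   # $1 = signature file, $2 = signed file
    gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null |
        signature_from_pinned_key "$PINNED_FPR"
}

# Constructed status lines shaped like a good signature from the key above
# (timestamps are made up). TRUST_UNDEFINED is the machine-readable form of
# the [unknown] validity shown in the message.
sample_status() {
    cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 9766E084FB0F43D8 Philip Hazel <ph10@???>
[GNUPG:] VALIDSIG 45F68D54BBE23FB3039B46E59766E084FB0F43D8 2020-12-04 1607092144 0 4 0 1 8 00 45F68D54BBE23FB3039B46E59766E084FB0F43D8
[GNUPG:] TRUST_UNDEFINED 0 pgp
EOF
}

if sample_status | signature_from_pinned_key "$PINNED_FPR"; then
    echo "sample: good signature from the pinned key"
fi
```

The warning itself goes away only once the key is certified by a key the local keyring trusts, for example with gpg --lsign-key after the fingerprint has been confirmed.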