Re: [pcre-dev] How to verify signature for 10.36

トップ ページ
このメッセージを削除
著者: Sumonto Ghosh
日付:  
To: pcre-dev
題目: Re: [pcre-dev] How to verify signature for 10.36
I did the following however I don't know how to get rid of the warning,
(Any help appreciated)

~/Downloads ❯ gpg --list-keys
~/Downloads ❯ gpg --keyserver ipv4.pool.sks-keyservers.net --search-keys
"Philip Hazel"
gpg: data source: http://4.35.226.103:11371
(1)     Philip Hazel <ph10@???>
          2048 bit RSA key A4C4952AFB0F43D8, created: 2014-06-16 (revoked)
(2)     Philip Hazel <ph10@???>
        Philip Hazel <ph10@???>
        Philip Hazel <ph10@???>
          2048 bit RSA key 9766E084FB0F43D8, created: 2002-10-21
Keys 1-2 of 2 for "Philip Hazel".  Enter number(s), N)ext, or Q)uit > 2
gpg: key 9766E084FB0F43D8: 1 duplicate signature removed
gpg: key 9766E084FB0F43D8: public key "Philip Hazel <ph10@???>"
imported
gpg: Total number processed: 1
gpg:               imported: 1
~/Downloads took 4s ❯ gpg --verify pcre2-10.36.zip.sig pcre2-10.36.zip
gpg: Signature made Fri Dec  4 06:29:04 2020 PST
gpg:                using RSA key 45F68D54BBE23FB3039B46E59766E084FB0F43D8
gpg: Good signature from "Philip Hazel <ph10@???>" [unknown]
gpg:                 aka "Philip Hazel <ph10@???>" [unknown]
gpg:                 aka "Philip Hazel <ph10@???>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the
owner.
Primary key fingerprint: 45F6 8D54 BBE2 3FB3 039B  46E5 9766 E084 FB0F 43D8


================================================================================================
I also tried importing it, but same warning

~/Downloads ❯ gpg --import Public-Key
gpg: key 9766E084FB0F43D8: public key "Philip Hazel <ph10@???>"
imported
gpg: Total number processed: 1
gpg:               imported: 1
~/Downloads ❯ gpg --verify pcre2-10.36.zip.sig pcre2-10.36.zip
gpg: Signature made Fri Dec  4 06:29:04 2020 PST
gpg:                using RSA key 45F68D54BBE23FB3039B46E59766E084FB0F43D8
gpg: Good signature from "Philip Hazel <ph10@???>" [unknown]
gpg:                 aka "Philip Hazel <ph10@???>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the
owner.
Primary key fingerprint: 45F6 8D54 BBE2 3FB3 039B  46E5 9766 E084 FB0F 43D8


Thanks
Sumonto


On Mon, Mar 22, 2021 at 1:11 PM Sumonto Ghosh <sumonto.ghosh@???>
wrote:

> Hello,
> I am trying to verify signature for 10.36
> However none of the public keyservers have the key
> I did the following:
>
> gpg --list-keys
> gpg --import Public-Key
> gpg --verify pcre2-10.36.zip.sig pcre2-10.36.zip
>
> Wondering if I could verify the same using a --key-server
>
> Thanks
> Sumonto
>