[Privoxy-users] GPG Import/Verify fails for Privoxy v3.0.34
Ian Silvester
iansilvester at fastmail.fm
Mon Mar 4 14:05:33 CET 2024
Hi Anthony,
Glad you got it to work. The hash file would be the md5sum (suffix .md5), which can be used only to validate that the file has not been altered since being posted, however the .asc file can do both that and confirm who created the file.
Enjoy the latest features of Privoxy!
Ian
On Mon, 4 Mar 2024, at 03:00, Anthony K wrote:
> This site says all is well if I see 'Good signature from...':
>
> https://www.baeldung.com/linux/verify-file-asc-signature
>
> Thanks for your help, Ian. I'm appeased.
>
> PS: I note that from the message back in 2017 there was mention of
> some HASH files - are those no longer published? I searched but
> couldn't find them.
>
>
> Cheers,
> ak.
>
>
> On 4/3/24 18:50, Anthony K wrote:
>> I've progressed further:
>>
>> $ gpg --keyserver keyserver.ubuntu.com --recv-keys 8BA2371C
>> gpg: key 691822918BA2371C: 4 duplicate signatures removed
>> gpg: key 691822918BA2371C: public key "Fabian Keil <fk at fabiankeil.de>" imported
>> gpg: Total number processed: 1
>> gpg: imported: 1
>>
>> And then I tried to verify again:
>>
>> $ gpg --verify privoxy-3.0.34-stable-src.tar.gz.asc
>> gpg: assuming signed data in 'privoxy-3.0.34-stable-src.tar.gz'
>> gpg: Signature made Sun 05 Feb 2023 15:56:40 AEDT
>> gpg: using RSA key 4F36C17F3816913654A1E850691822918BA2371C
>> gpg: Good signature from "Fabian Keil <fk at fabiankeil.de>" [unknown]
>> gpg: WARNING: This key is not certified with a trusted signature!
>> gpg: There is no indication that the signature belongs to the owner.
>> Primary key fingerprint: 4F36 C17F 3816 9136 54A1 E850 6918 2291 8BA2 371C
>>
>> That warning worries me though...
>>
>> ak.
> _______________________________________________
> Privoxy-users mailing list
> Privoxy-users at lists.privoxy.org
> https://lists.privoxy.org/mailman/listinfo/privoxy-users
More information about the Privoxy-users
mailing list