smujohnson at gmail
Aug 13, 2010, 4:48 PM
Post #1 of 1
Request for better instructions on verifying IDEA source signatures
I've been experimenting with the IDEA cipher 3rd party plugin files, and I
keep reading about how I should verify their signatures.
Unfortunately, the help provided by the GnuPG page for that is useless.
Sure, I get the .sig files, but nowhere, not even on the FTP site itself can
I find the public keys to verify the signature.
I started surfing around the GnuPG pages and read that I could find a
communal verifying key in the GnuPG\doc directory, but I don't see anything
in my Mingw32 installation. And the key provided in armored ascii format
does not match the signature. Great!
My argument: I think this is bad for getting people used to doing things
right, as actually doing the safe thing has become a wild-goose chase for
me. This by no-means encourages anyone to follow proper safety protocol if
the suggestion to verify the IDEA code is impossible or extremely difficult,
in this instance.
Thank you for reading.
smu johnson <smujohnson [at] gmail>