Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: GnuPG: users

GnuPG distribution signature

 

 

GnuPG users RSS feed   Index | Next | Previous | View Threaded


faramir.cl at gmail

Jan 30, 2012, 3:06 PM

Post #1 of 5 (807 views)
Permalink
GnuPG distribution signature

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello,
Is key D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 (
0x4F25E3B6 ) the current key used for signing files? I suppose it is,
but I'd like to ask before issuing a local signature.

Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBCAAGBQJPJyJnAAoJEMV4f6PvczxAdT0IAIk+D4P847GCWn3bZbkIqHPI
rXZkdov92g25YfOXfZLJAB0J994IEdc+PwwV0T3/UdScxWxCuJpuRffVsxWyxVeO
phrV1C/7vQ81OdaUR0Rq2cPb3n2vjj4lbGNTj9KHkJ34LLt5ngPp6wInf1FDoBH0
rcjtBOcjHhVZq7iSFK8No6wwjeRwSrPjcJRtdmcu6kUT0dNK1X+1ke0/Lw2FfQg6
5cJcX+yZ02/u5fNwhOr5ALP5napSsFogu3DGUFm2TD91j3zso3LA5EbRGa1hmQk4
eZeA1VURQOuIKT9VJk8pr7oXJ7yjh0veWH1BIrHf0x6Su0f5uWYSm27zWX2mveA=
=XfC7
-----END PGP SIGNATURE-----

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


olav at enigmail

Jan 30, 2012, 10:34 PM

Post #2 of 5 (773 views)
Permalink
Re: GnuPG distribution signature [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Hi Faramir,

> Is key 0x4F25E3B6 the current key used for signing files?

according to the website, it is:

In the 3rd text paragraph on http://gnupg.org/download/integrity_check.en.html
"signing key" links to http://gnupg.org/signature_key.en.html which lists

| pub 2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31]
| Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6
| uid Werner Koch (dist sig)
| sub 2048R/AC87C71A 2011-01-12 [expires: 2019-12-31]
|
| Releases done in the years 1996 to 2010 are signed by this key:
| [older key summyries and ascii-armored key follows]

That new key 4F25E3B6 is signed by the older signing key 1CE0C630.

Olav
- --
The Enigmail Project - OpenPGP Email Security For Mozilla Applications
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Dies ist eine elektronische Signatur - http://enigmail.mozdev.org/

iQGcBAEBAwAGBQJPJ4tUAAoJEKGX32tq4e9W94kL/jypq3l1Zwmi+N4Rjkokzuaw
hyx/yxU/hOqb1qE+v7sL8FdvD+jN0s+2QBOdjyya3ij1bz0s/zmNnbC64qpo818h
DxW8h73gvCX9bzAfrIk6WDvpOziBPi9z0BNOlFN7Q4dcqKmOCWRmugjp2/mU/uo5
eG4UMF9dM3cIy/5DLfOBC+Dq+xAJgc6c7XIR8NL/ifp6rFYyDRrEVLHKAtZ6s8/N
XNF99r0DuXIm4xmnhRJjx1nevg90SnotzLn3UbMmjFvrEOTFhk0QDXDlYybCauVd
pswvHdi8m+4uUgLjtQydR5BLwzBxCITdFqGI2ac8UsCk0KocAlrtzk8XrsirjA/I
sSBYdBNfEL0aVmrn2XZGHyPhUs+JSKAFOPQQ+96cJAk4uCf2/QhOCtCYfDpC9GuG
gKdhEFnkecZEwoCF+kRHtQSdZ/Uexr1NxZ45EHVrDTVSTC6rbWZWQ/pYllKL+L7u
kUvCdCuv33VPb0IscuLFFP0rMaSfrQ7JSWQGAfKihw==
=LmkF
-----END PGP SIGNATURE-----

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


laurent.jumet at skynet

Jan 30, 2012, 11:45 PM

Post #3 of 5 (778 views)
Permalink
Re: GnuPG distribution signature [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160


Hello Faramir !

Faramir <faramir.cl [at] gmail> wrote:

> Is key D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 (
> 0x4F25E3B6 ) the current key used for signing files? I suppose it is,
> but I'd like to ask before issuing a local signature.

This is what I get; seems you are using another key?

=== Begin Windows Clipboard ===
gpg: Signature made 01/31/12 00:06:15
gpg: using RSA key 0xEF733C40
gpg: Good signature from "Faramir.cl (It's a nickname, of course)
<faramir.cl [at] gmail>
"
gpg: aka "Faramir <faramir.cl [at] gmail>"
gpg: aka "Javier Fernández Almirall (aka Faramir.cl)"
gpg: aka "Javier Fernández Almirall (GSWoT:CL68)
<Faramir [at] gswot>"
gpg: aka "Javier Fernández Almirall (CAcert Assurer)
<jfernandez [at] cacert
cl>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 388C 1FBD BE98 35D7 BD02 253B 8212 1A45 4319 410E
Subkey fingerprint: 16B1 A455 916E AF30 0623 CA51 C578 7FA3 EF73 3C40
=== End Windows Clipboard ===


- --
Laurent Jumet
KeyID: 0xCFAF704C
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (MingW32)

iHEEAREDADEFAk8nnHkqGGh0dHA6Ly93d3cucG9pbnRkZWNoYXQubmV0LzB4Q0ZB
RjcwNEMuYXNjAAoJEPUdbaDPr3BMZBEAn1KG41qySnF/YKFKbRK/GBy6NLmyAJ9l
DITkg1T1miUtiMo9XPQ6WyY+Ew==
=ue/T
-----END PGP SIGNATURE-----

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


wk at gnupg

Jan 31, 2012, 12:15 AM

Post #4 of 5 (771 views)
Permalink
Re: GnuPG distribution signature [In reply to]

On Tue, 31 Jan 2012 00:06, faramir.cl [at] gmail said:
> Hello,
> Is key D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 (
> 0x4F25E3B6 ) the current key used for signing files? I suppose it is,

Yes, it is. See my OpenPGP mail header for a list of all my keys and
their descriptions.

There is a small error in the announcement:

gpg --recv-key 4F25E3B6

The distribution key 1CE0C630 is signed by the well known keys

It should say

gpg --recv-key 4F25E3B6

The distribution key 4F25E3B6 is signed by the well known keys


Salam-Shalom,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.


_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


nicholas.cole at gmail

Feb 2, 2012, 9:07 AM

Post #5 of 5 (771 views)
Permalink
Re: GnuPG distribution signature [In reply to]

On Tue, Jan 31, 2012 at 8:15 AM, Werner Koch <wk [at] gnupg> wrote:
> On Tue, 31 Jan 2012 00:06, faramir.cl [at] gmail said:
>> Hello,
>>       Is key D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25 E3B6 (
>> 0x4F25E3B6 ) the current key used for signing files? I suppose it is,
>
> Yes, it is.  See my OpenPGP mail header for a list of all my keys and
> their descriptions.
>
> There is a small error in the announcement:
>
>     gpg --recv-key 4F25E3B6
>
>   The distribution key 1CE0C630 is signed by the well known keys
>
> It should say
>
>     gpg --recv-key 4F25E3B6
>
>   The distribution key 4F25E3B6 is signed by the well known keys

I've long thought that one nightmare scenario for OpenPGP would be an
ISP or other network gateway that transparently scanned all data
passing through it looking for specific key ids and fingerprints and
which silently changed them in webpages, email etc to fraudulent
values. I can't imagine that it would be that difficult, and it would
be difficult to detect as well as tripping up anyone who relied on
"well-known" keys.

N

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users

GnuPG users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.