On Freitag, 8. Juli 2022 22:55:07 CEST Konstantin Ryabitsev via Gnupg-users wrote: > I'm trying to verify swdb.lst.sig, but I can't: > > $ gpg --verify swdb.lst.sig > gpg: assuming signed data in 'swdb.lst' > gpg: Signature made Wed 06 Jul 2022 02:26:07 PM EDT > gpg: using ECDSA key 02F38DFF731FF97CB039A1DA549E695E905BA208 > gpg: Can't check signature: No public key > > That key doesn't appear to be provided via > https://gnupg.org/signature_key.asc.
Yes, it is. ``` $ curl https://gnupg.org/signature_key.asc | gpg --import [...] gpg: key 549E695E905BA208: 1 signature not checked due to a missing key gpg: key 549E695E905BA208: public key "GnuPG.com (Release Signing Key 2021)" imported gpg: Total number processed: 4 gpg: imported: 4 $ gpg -k 02F38DFF731FF97CB039A1DA549E695E905BA208 pub brainpoolP256r1/549E695E905BA208 2021-10-15 [SC] [expires: 2029-12-31] 02F38DFF731FF97CB039A1DA549E695E905BA208 uid [ unknown] GnuPG.com (Release Signing Key 2021) ``` See https://dev.gnupg.org/T5949#159890 for why it doesn't work for you. Regards, Ingo
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users