Hi Pedro, *, On Thu, Sep 19, 2013 at 3:50 PM, Pedro <pedl...@gmail.com> wrote: > Christian Lohmaier-2 wrote >> My guess is that you misinterpreted whatever message gpg did print >> when verifying. (Like reporting the meaning - "Sorry, the file is a >> signature with the key AFEEAEA3, but I don't know the public key, so I >> cannot check whether the signature is correct") > [...] > <http://nabble.documentfoundation.org/file/n4074791/GPGcheck.png> > > Maybe GPG4Win is not the right tool?
It is just as I suspected. It tells you: This is a signature with key AFEEAEA3 (that is the last characters of the full ID for convenience), but I cannot verify it, because I don't know the public part of the key. It is not saying: The signature is invalid, and it is not saying: the signature is valid. It say: "cannot tell". (well, actually the dialog reads "Signature is invalid" because the public part is not available, but that is just to alert you of the problem, to especially avoid the situation of you thinking "GPG verification reported no errors" :-)) You need to import the key into your keyring, so that the tool can actually verify it. Not sure where in that tool you would do that, but on the commandline you could use gpg --keyserver hkp://keys.gnupg.net --recv-keys AFEEAEA3 to receive the key. Other keyservers can be used as well - the keyservers exchange the keys with each other. If it asks you to verify the key's fingerprint, it is: C283 9ECA D940 8FBE 9531 C3E9 F434 A1EF AFEE AEA3 ciao Christian _______________________________________________ List Name: Libreoffice-qa mailing list Mail address: Libreoffice-qa@lists.freedesktop.org Change settings: http://lists.freedesktop.org/mailman/listinfo/libreoffice-qa Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://lists.freedesktop.org/archives/libreoffice-qa/