Ed Flecko:
> O.K., thank you.
>
> So, I guess, gnupg won't verify an RSA key?
>
> Perhaps FreeBSD needs a different program other than gnupg or pgp to
> verify this type of signature? How do most people verify the package
> signature?
Below is my result on FreeBSD 8.
Wietse
% gpg --verify postfix-2.9.4.tar.gz.sig postfix-2.9.4.tar.gz
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
gpg: Signature made Wed Aug 1 18:14:44 2012 EDT using RSA key ID C12BCD99
gpg: WARNING: digest algorithm MD5 is deprecated
gpg: please see http://www.gnupg.org/faq/weak-digest-algos.html for more
information
gpg: found 0 ownertrust records
gpg: migrated 0 version 2 ownertrusts
gpg: checking the trustdb
gpg: no ultimately trusted keys found
gpg: Good signature from "Wietse Venema <wie...@porcupine.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: FF 96 4A 8C 96 88 7C 6E A4 EF AD BF 48 34 E1 BB
