Ed Flecko: > O.K., thank you. > > So, I guess, gnupg won't verify an RSA key? > > Perhaps FreeBSD needs a different program other than gnupg or pgp to > verify this type of signature? How do most people verify the package > signature?
Below is my result on FreeBSD 8. Wietse % gpg --verify postfix-2.9.4.tar.gz.sig postfix-2.9.4.tar.gz gpg: WARNING: using insecure memory! gpg: please see http://www.gnupg.org/faq.html for more information gpg: Signature made Wed Aug 1 18:14:44 2012 EDT using RSA key ID C12BCD99 gpg: WARNING: digest algorithm MD5 is deprecated gpg: please see http://www.gnupg.org/faq/weak-digest-algos.html for more information gpg: found 0 ownertrust records gpg: migrated 0 version 2 ownertrusts gpg: checking the trustdb gpg: no ultimately trusted keys found gpg: Good signature from "Wietse Venema <wie...@porcupine.org>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: FF 96 4A 8C 96 88 7C 6E A4 EF AD BF 48 34 E1 BB