On 3/17/15 4:34 PM, Kristian Fiskerstrand wrote:
On 03/17/2015 10:04 PM, Doug Barton wrote:
On 3/17/15 1:54 PM, Peter Lebbing wrote:
-Original Message-
Assuming you get the package, the signature, and the fingerprint
from the same *.gnupg.org resources, what does that buy you?
S
On 3/17/15 4:17 PM, Peter Lebbing wrote:
On 2015-03-17 23:18, Doug Barton wrote:
I think you are asking way too much, and
giving near-zero value in return.
I'm not asking for anything.
Originally you suggested that they verify the fingerprint, and use that
to retrieve the key. Glad to see n
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 03/17/2015 10:04 PM, Doug Barton wrote:
> On 3/17/15 1:54 PM, Peter Lebbing wrote:
-Original Message-
>
> Assuming you get the package, the signature, and the fingerprint
> from the same *.gnupg.org resources, what does that buy y
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 03/17/2015 11:02 PM, Peter Lebbing wrote:
> On 17/03/15 22:56, Peter Lebbing wrote:
>> and checking it says
>>
>> pub 2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31] Key
>> fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6
>> ui
On 2015-03-17 23:18, Doug Barton wrote:
I think you are asking way too much, and
giving near-zero value in return.
I'm not asking for anything. I suggested they check the plain SHA1
checksum or even not check at all! I'm merely opposed to making people
think the short key ID is any good for v
@gnupg.org
Subject: Re: Copy Current GPG Installation to Another Server
On 3/17/15 7:23 AM, Clark Rivard wrote:
> I currently have GPG 1.4.8 installed on a Windows server. Can the
> c:\Programs Files (x86)\GNU\ directory simply be copied to another
> server and used or do I need to go th
On 17/03/15 22:34, Doug Barton wrote:
>> Assuming they're all protected by https, nothing.
>
> I think you missed my point. If all three resources related to verification
> are
> provided by the same source, then verifying the fingerprint gets you zero
> added
> security. It's more or less equiv
On 3/17/15 2:56 PM, Peter Lebbing wrote:
On 17/03/15 22:34, Doug Barton wrote:
Assuming they're all protected by https, nothing.
I think you missed my point. If all three resources related to verification are
provided by the same source, then verifying the fingerprint gets you zero added
secur
On 17/03/15 22:56, Peter Lebbing wrote:
> and checking it says
>
> pub 2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31]
> Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6
> uid [ full ] Werner Koch (dist sig)
> sub 2048R/AC87C71A 2011-01-12 [expires: 2019-12-31
On 3/17/15 1:54 PM, Peter Lebbing wrote:
-Original Message-
From: Doug Barton [mailto:dougb@dougbarton.email]
Sent: Tuesday, March 17, 2015 3:07 PM
To: Clark Rivard
Subject: Re: Copy Current GPG Installation to Another Server
gpg: Signature made Fri Feb 27 00:55:58 2015 PST using RSA key
On 3/17/15 2:19 PM, Peter Lebbing wrote:
On 17/03/15 22:04, Doug Barton wrote:
Assuming you get the package, the signature, and the fingerprint from the same
*.gnupg.org resources, what does that buy you?
Assuming they're all protected by https, nothing.
I think you missed my point. If all t
On 3/17/15 2:27 PM, Clark Rivard wrote:
How do you check the fingerprint?
Step 1 is that you have to get a validated version of the fingerprint of
the key that you would have been using to verify the package if you
could have downloaded that key in the first place.
The concept of validating
How do you check the fingerprint?
-Original Message-
From: Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] On Behalf Of Peter
Lebbing
Sent: Tuesday, March 17, 2015 4:19 PM
To: Doug Barton
Cc: GnuPG Users
Subject: Re: Copy Current GPG Installation to Another Server
On 17/03/15 22:04
On 17/03/15 22:04, Doug Barton wrote:
> Assuming you get the package, the signature, and the fingerprint from the same
> *.gnupg.org resources, what does that buy you?
Assuming they're all protected by https, nothing.
What does verification of that signature buy you though? That your download
was
On 17/03/15 22:09, Clark Rivard wrote:
> I used the "sha1sum" option and got the expected result - does this verify
> the integrity adequately?
It's just as good as verifying the signature of a key with short ID 4F25E3B6. As
you can soon see elsewhere in this thread, I don't think it practicall
: GnuPG Users
Subject: Re: Copy Current GPG Installation to Another Server
On 3/17/15 1:42 PM, Clark Rivard wrote:
I ran the recv-key command again and got a message about "requesting key...from hkp server
pool..." but then got "HTTP fetch error 7 couldn't connect: No error&qu
rch 17, 2015 3:46 PM
To: Clark Rivard
Cc: GnuPG Users
Subject: Re: Copy Current GPG Installation to Another Server
On 3/17/15 1:42 PM, Clark Rivard wrote:
> I ran the recv-key command again and got a message about "requesting
> key...from hkp server pool..." but then got "H
>> -Original Message-
>> From: Doug Barton [mailto:dougb@dougbarton.email]
>> Sent: Tuesday, March 17, 2015 3:07 PM
>> To: Clark Rivard
>> Subject: Re: Copy Current GPG Installation to Another Server
>> gpg: Signature made Fri Feb 27 00:55:58 2015 PST
On 3/17/15 1:42 PM, Clark Rivard wrote:
I ran the recv-key command again and got a message about "requesting key...from hkp server
pool..." but then got "HTTP fetch error 7 couldn't connect: No error"
Any ideas?
Try it a few more times, you may have gotten a bad server from the pool.
If it s
March 17, 2015 3:28 PM
To: Clark Rivard
Cc: GnuPG Users
Subject: Re: Copy Current GPG Installation to Another Server
Please keep things on the list so that the most users can be helped.
You need to run the --recv-key command first, or the --verify command will
continue to fail.
Try this:
gpg -
sage-
From: Doug Barton [mailto:dougb@dougbarton.email]
Sent: Tuesday, March 17, 2015 3:07 PM
To: Clark Rivard
Subject: Re: Copy Current GPG Installation to Another Server
You need to download the key referenced in the first message:
gpg --recv-key 4F25E3B6
then do your verify command again:
On 3/17/15 7:23 AM, Clark Rivard wrote:
I currently have GPG 1.4.8 installed on a Windows server. Can the
c:\Programs Files (x86)\GNU\ directory simply be copied to another
server and used or do I need to go through the “download and
installation” process on the new server? Thanks.
1.4.8 is da
I currently have GPG 1.4.8 installed on a Windows server. Can the c:\Programs
Files (x86)\GNU\ directory simply be copied to another server and used or do I
need to go through the "download and installation" process on the new server?
Thanks.
___
23 matches
Mail list logo