How do you check the fingerprint?
-Original Message-
From: Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] On Behalf Of Peter
Lebbing
Sent: Tuesday, March 17, 2015 4:19 PM
To: Doug Barton
Cc: GnuPG Users
Subject: Re: Copy Current GPG Installation to Another Server
On 17/03/15 22:04
On 3/17/15 1:54 PM, Peter Lebbing wrote:
-Original Message-
From: Doug Barton [mailto:dougb@dougbarton.email]
Sent: Tuesday, March 17, 2015 3:07 PM
To: Clark Rivard
Subject: Re: Copy Current GPG Installation to Another Server
gpg: Signature made Fri Feb 27 00:55:58 2015 PST using RSA key
On 3/17/15 2:27 PM, Clark Rivard wrote:
How do you check the fingerprint?
Step 1 is that you have to get a validated version of the fingerprint of
the key that you would have been using to verify the package if you
could have downloaded that key in the first place.
The concept of
To: Clark Rivard
Cc: GnuPG Users
Subject: Re: Copy Current GPG Installation to Another Server
On 3/17/15 1:42 PM, Clark Rivard wrote:
I ran the recv-key command again and got a message about requesting
key...from hkp server pool... but then got HTTP fetch error 7 couldn't
connect: No error
Any
On 17/03/15 22:09, Clark Rivard wrote:
I used the sha1sum option and got the expected result - does this verify
the integrity adequately?
It's just as good as verifying the signature of a key with short ID 4F25E3B6. As
you can soon see elsewhere in this thread, I don't think it practically
Current GPG Installation to Another Server
On 3/17/15 1:42 PM, Clark Rivard wrote:
I ran the recv-key command again and got a message about requesting key...from hkp server
pool... but then got HTTP fetch error 7 couldn't connect: No error
Any ideas?
Try it a few more times, you may have gotten
On 17/03/15 22:04, Doug Barton wrote:
Assuming you get the package, the signature, and the fingerprint from the same
*.gnupg.org resources, what does that buy you?
Assuming they're all protected by https, nothing.
What does verification of that signature buy you though? That your download
On 3/17/15 2:19 PM, Peter Lebbing wrote:
On 17/03/15 22:04, Doug Barton wrote:
Assuming you get the package, the signature, and the fingerprint from the same
*.gnupg.org resources, what does that buy you?
Assuming they're all protected by https, nothing.
I think you missed my point. If all
On 3/17/15 7:23 AM, Clark Rivard wrote:
I currently have GPG 1.4.8 installed on a Windows server. Can the
c:\Programs Files (x86)\GNU\ directory simply be copied to another
server and used or do I need to go through the “download and
installation” process on the new server? Thanks.
1.4.8 is
On 3/17/15 4:17 PM, Peter Lebbing wrote:
On 2015-03-17 23:18, Doug Barton wrote:
I think you are asking way too much, and
giving near-zero value in return.
I'm not asking for anything.
Originally you suggested that they verify the fingerprint, and use that
to retrieve the key. Glad to see
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 03/17/2015 11:02 PM, Peter Lebbing wrote:
On 17/03/15 22:56, Peter Lebbing wrote:
and checking it says
pub 2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31] Key
fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6
uid [
On 2015-03-17 23:18, Doug Barton wrote:
I think you are asking way too much, and
giving near-zero value in return.
I'm not asking for anything. I suggested they check the plain SHA1
checksum or even not check at all! I'm merely opposed to making people
think the short key ID is any good for
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 03/17/2015 10:04 PM, Doug Barton wrote:
On 3/17/15 1:54 PM, Peter Lebbing wrote:
-Original Message-
Assuming you get the package, the signature, and the fingerprint
from the same *.gnupg.org resources, what does that buy you?
@gnupg.org
Subject: Re: Copy Current GPG Installation to Another Server
On 3/17/15 7:23 AM, Clark Rivard wrote:
I currently have GPG 1.4.8 installed on a Windows server. Can the
c:\Programs Files (x86)\GNU\ directory simply be copied to another
server and used or do I need to go through
To: Clark Rivard
Cc: GnuPG Users
Subject: Re: Copy Current GPG Installation to Another Server
Please keep things on the list so that the most users can be helped.
You need to run the --recv-key command first, or the --verify command will
continue to fail.
Try this:
gpg --keyserver hkp://pool.sks
On 3/17/15 1:42 PM, Clark Rivard wrote:
I ran the recv-key command again and got a message about requesting key...from hkp server
pool... but then got HTTP fetch error 7 couldn't connect: No error
Any ideas?
Try it a few more times, you may have gotten a bad server from the pool.
If it
Message-
From: Doug Barton [mailto:dougb@dougbarton.email]
Sent: Tuesday, March 17, 2015 3:07 PM
To: Clark Rivard
Subject: Re: Copy Current GPG Installation to Another Server
You need to download the key referenced in the first message:
gpg --recv-key 4F25E3B6
then do your verify command again
17 matches
Mail list logo
