Hi Jim, I ran verify on one of the files [1] and the result looks good to me. Oddly, I don't see it on the KEYS file, although it does appear in OpenPGP Keyserver<https://keyserver.ubuntu.com/>. I'll try to figure out why a bit later. OpenPGP Keyserver<https://keyserver.ubuntu.com/> This server is powered by the open-source keyserver software Hockeypuck.Hockeypuck is a synchronising keyserver that acts as part of a decentralised networked database for OpenPGP public keys.. To report a bug in the Hockeypuck software, or contribute to its development, please visit the Hockeypuck project on GitHub. keyserver.ubuntu.com
[1] C:\Users\yisha\Downloads>gpg --verify KEYS1.asc apache-royale-0.9.12-bin-js.zip gpg: Signature made 11/18/2024 8:35:01 PM GMT Standard Time gpg: using RSA key F4CE36E979325A6221706DB0E86EF353F54FE093 gpg: Good signature from "Yishay Weiss <[email protected]>" [ultimate] You can ________________________________ From: Jim McNamara <[email protected]> Sent: Monday, March 24, 2025 1:12 PM To: [email protected] <[email protected]> Subject: Re: please help with .asc key matching signature Hi Yishay, Okay here it goes... I got the KEYS file by saving this url... https://downloads.apache.org/royale/KEYS there was 13 i imported. gpg --import KEYS https://dlcdn.apache.org/royale/0.9.12/binaries/ from the link above i got the asc it would have been like this gpg --verify *.asc *.filename the sum didnt check out either am i doing it the right way? thanks so much for helping Yishay. I will look at the other question you followed up on shortly. I can't wait to start project. I am speeding along and not worrying about .asc someone at apache said i would probably be okay with the binary link on the site but i always try to check at least. you have the coolest name ever -Yishay. I watch what goes on in Israel with great intent. turbulent times... I pray for peace one day. I will check back soon. THANKS :-) j. gpg --list-keys /home/funnysys/.gnupg/pubring.kbx --------------------------------- pub rsa4096 2012-08-19 [SC] BC1CAA3B706B8AB2B90153285C2B8102C1708693 uid [ unknown] OmPrakash Muppirala (CODE SIGNING KEY) <[email protected]<mailto:[email protected]>> sub rsa4096 2012-08-19 [E] pub rsa2048 2012-08-24 [SCEA] [expired: 2016-08-24] 17D73FA2308E1C1E8154D51300397EFE935E15AF uid [ expired] Erik de Bruin <[email protected]<mailto:[email protected]>> pub rsa4096 2013-03-09 [SC] CEB8E6C7AEE265E474C7A23DEB3C3109458BCC72 uid [ unknown] Frédéric THOMAS <[email protected]<mailto:[email protected]>> sub rsa4096 2013-03-09 [E] pub rsa4096 2013-12-17 [SC] E7F7B7D4944CAC457A14C0E983E0431CDA9CCFF2 uid [ unknown] Alex Harui (CODE SIGNING KEY) <[email protected]<mailto:[email protected]>> sub rsa4096 2013-12-17 [E] pub rsa4096 2016-09-09 [SC] B7150E7C5D9D4213DE83F1BE37479EAAEDF6613E uid [ unknown] Josh Tynjala (CODE SIGNING KEY) <[email protected]<mailto:[email protected]>> sub rsa4096 2016-09-09 [E] pub rsa4096 2017-06-17 [SC] 44998F3E242727E94C4BADEB6B0A7EC905061FC8 uid [ unknown] Piotr Zarzycki (CODE SIGNING KEY) <[email protected]<mailto:[email protected]>> sub rsa4096 2017-06-17 [E] pub rsa2048 2020-03-23 [SC] [expired: 2022-03-23] 2C79787631929B6CE2079E4C45DA0752EA244F1B uid [ expired] Carlos Rovira <[email protected]<mailto:[email protected]>> pub rsa2048 2020-04-13 [SC] [expired: 2022-04-13] A24666ECC40403A69143711898869FAC4B94469F uid [ expired] Yishay Weiss <[email protected]<mailto:[email protected]>> pub rsa4096 2020-04-13 [SC] [expires: 2025-04-12] FA6915D4A310509FD94AABA380CC74294C859089 uid [ unknown] Yishay Weiss (CODE SIGNING KEY) <[email protected]<mailto:[email protected]>> sub rsa4096 2020-04-13 [E] [expires: 2025-04-12] pub rsa4096 2015-11-08 [SC] [expired: 2019-11-08] 847B1CD324332313D41E4B2FEED39F7E300119C8 uid [ expired] Gavriel Harbater <[email protected]<mailto:[email protected]>> pub rsa4096 2020-07-09 [SC] [expired: 2024-07-09] 816F41010247D30334A1B93C64972753CED28A60 uid [ expired] Harbs <[email protected]<mailto:[email protected]>> pub rsa4096 2021-04-02 [SC] [expires: 2026-04-02] F4CE36E979325A6221706DB0E86EF353F54FE093 uid [ unknown] Yishay Weiss <[email protected]<mailto:[email protected]>> sub rsa4096 2021-04-02 [E] [expires: 2026-04-02] pub rsa4096 2021-04-19 [SC] 50888C560BB685563DB33E4DEB7A2F8680DF4F48 uid [ unknown] Joshua Tynjala <[email protected]<mailto:[email protected]>> sub rsa4096 2021-04-19 [E] funnysys@funnysys-Inspiron-15-3520:~/Downloads$ gpg --verify apache-royale-0.9.12-bin-js-swf.tar.gz.asc apache-royale-0.9.12-bin-js.tar.gz gpg: Signature made Mon 18 Nov 2024 03:34:56 PM EST gpg: using RSA key F4CE36E979325A6221706DB0E86EF353F54FE093 gpg: BAD signature from "Yishay Weiss <[email protected]<mailto:[email protected]>>" [unknown] sha512sum apache-royale-0.9.12-bin-js-swf.tar.gz.sha512 4f68af3486fef9cb1cdddfcfe5c6c6319d257f38c42342a8819df1d9de9eb1546a9bde94c6bcabcfab82da873e6ef90d6ea6bf6214d28e30c4182b70f1c69a61 apache-royale-0.9.12-bin-js-swf.tar.gz.sha512 not sure what to compare that to because there is no sum listed. thanks, bye On Monday, March 24th, 2025 at 3:29 AM, Yishay Weiss <[email protected]> wrote: Can you please clarify how you checked the signatures? ________________________________ From: Jim McNamara <[email protected]> Sent: Thursday, March 20, 2025 3:44 PM To: [email protected] <[email protected]> Subject: please help with .asc key matching signature Hi Yishay and Hiedra- I may have misdirected my post earlier to the github site. Is there anyway you can check on the links for the binary download on the main royale site (royale.apache.org) for v9.12 and see that it matches the key from the apache KEYS file? I tried and got a bad signature today for both the source and the binary for v9.12. thanks for any cool help you can render. and hiedra ...i will try to work around the issues with the tour de jewel as best I can. I know ya'll are busy. thanks, j. Sent with Proton Mail secure email.
