Hi everyone, I am trying to verify the PGP signature on the latest Tomcat 9 release (9.0.56) but unable to obtain it from a suggested key server (see command logs below). Could you please clarify where to obtain and how to verify the authenticity of that particular signature. Thanks in advance! Peter
gpg --verify apache-tomcat-9.0.56.tar.gz.asc.txt apache-tomcat-9.0.56.tar.gz gpg: Signature made Thu Dec 2 09:31:59 2021 EST using RSA key ID 359E722B gpg: requesting key 359E722B from hkps server hkps.pool.sks-keyservers.net<http://hkps.pool.sks-keyservers.net> gpgkeys: HTTP fetch error 6: Couldn't resolve host 'hkps.pool.sks-keyservers.net<http://hkps.pool.sks-keyservers.net>' gpg: no valid OpenPGP data found. gpg: Total number processed: 0 gpg: keyserver communications error: keyserver helper internal error gpg: keyserver communications error: General error gpg: Can't check signature: No public key gpg --keyserver pgpkeys.mit.edu<http://pgpkeys.mit.edu> --recv-key 359E722B gpg: requesting key 359E722B from hkp server pgpkeys.mit.edu<http://pgpkeys.mit.edu> gpgkeys: key 359E722B can't be retrieved gpg: no valid OpenPGP data found. gpg: Total number processed: 0 gpg: keyserver communications error: keyserver helper general error gpg: keyserver communications error: Invalid public key algorithm gpg: keyserver receive failed: Invalid public key algorithm Thanks, Peter
