Wrong signature on idea.c, broken link

Jason Harris jharris at widomaker.com
Fri May 17 21:10:02 CEST 2002 

On Wed, May 15, 2002 at 04:04:46PM -0400, Andy Ozment wrote:

> I'm new to gpg, so I apologize if these "bugs" are really my ignorance
> rather than a bug.

You've been using (commercial) PGP all this time?  :(

> 1. In an attempt to get the idea module, I went to the page
> <http://www.gnupg.org/why-not-idea.html>
> 
> I downloaded the files idea.c and idea.c.sig. I then tried to check the
> sig:
> $ gpg --verify idea.c.sig idea.c
> gpg: Warning: using insecure memory!
> gpg: please see http://www.gnupg.org/faq.html for more information
> gpg: Signature made Fri Aug 17 03:34:05 2001 EDT using DSA key ID
> 621CC013
> gpg: Can't check signature: public key not found
> 
> $ gpg --list-keys
> pub  1024D/57548DCD 1998-07-07 Werner Koch (gnupg sig) <dd9jn at gnu.org>
> 
> It appears to me, then, that idea.c was not signed with the key that
> signed the entire distribution (57548DCD, Werner Koch). Is this
> intentional? I could not find the key that did sign the file anywhere on
> the site.

Use the keyservers, Luke!

(However, it doesn't look like Werner has cross-signed all his keys...)

pub  1024D/621CC013 1998-07-07 Werner Koch <werner.koch at guug.de>
     Key fingerprint = ECAF 7590 EB34 43B5 C7CF  3ACB 6C7E E1B8 621C C013
sig?       FF3EAA0B 1998-07-07  [User id not found]
sig        0C9857A5 1998-07-08  Werner Koch <werner.koch at guug.de>
sig        9265FAFB 2001-11-03  Derek Gaston <dgaston at umr.edu>
sig        513AEFD9 2000-09-25  Hans-Joerg Hoexer <hshoexer at rommel.stw.uni-erlangen.de>
sig        82957B66 2000-07-11  Hideki Saito <hideki at allcity.net>
sig        C5E88112 2000-02-22  Ruediger Hahn <ruedi007 at topmail.de>
sig        5B0358A2 1999-03-15  Werner Koch <wk at gnupg.org>
sig        B1CC03AA 1999-06-21  Javier Kohen <jkohen at tough.com>
sig        621CC013 1999-11-12  Werner Koch <werner.koch at guug.de>
uid                            Werner Koch <wk at gnupg.org>
sig        5B0358A2 2000-10-01  Werner Koch <wk at gnupg.org>
sig        621CC013 2000-11-21  Werner Koch <werner.koch at guug.de>
uid                            Werner Koch <wk at openit.de>
sig        513AEFD9 2000-09-25  Hans-Joerg Hoexer <hshoexer at rommel.stw.uni-erlangen.de>
sig        82957B66 2000-07-11  Hideki Saito <hideki at allcity.net>
sig        621CC013 2000-11-21  Werner Koch <werner.koch at guug.de>
sig        90F89A7D 2001-01-25  Ralf Hildebrandt <ralf.hildebrandt at innominate.com>

-- 
Jason Harris          | NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
jharris at widomaker.com | web:  http://jharris.cjb.net/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
Url : /pipermail/attachments/20020517/ea55884b/attachment.bin

More information about the Gnupg-devel mailing list