Request for better instructions on verifying IDEA source signatures

smu johnson smujohnson at gmail.com
Sat Aug 14 01:48:31 CEST 2010


Hi,

I've been experimenting with the IDEA cipher 3rd party plugin files, and I
keep reading about how I should verify their signatures.

Unfortunately, the help provided by the GnuPG page for that is useless.
Sure, I get the .sig files, but nowhere, not even on the FTP site itself can
I find the public keys to verify the signature.

I started surfing around the GnuPG pages and read that I could find a
communal verifying key in the GnuPG\doc directory, but I don't see anything
in my Mingw32 installation.  And the key provided in armored ascii format
does not match the signature.  Great!

My argument:  I think this is bad for getting people used to doing things
right, as actually doing the safe thing has become a wild-goose chase for
me.  This by no-means encourages anyone to follow proper safety protocol if
the suggestion to verify the IDEA code is impossible or extremely difficult,
in this instance.

Thank you for reading.


-- 
smu johnson <smujohnson at gmail.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20100813/db862087/attachment.htm>


More information about the Gnupg-doc mailing list