Dumb Question
Daniel Carrera
dcarrera@math.toronto.edu
Tue Aug 6 01:15:02 2002
> Ok to you users of GPG this is surely a dumb question,
No such thing as a dumb question. :-)
> Ive just pulled the current GNUPG sources and the *.sig file.
> Lets assume I have a running gpg, so HOW do I go about checking the sig?
>
> I tried
> gpg gnupg-1.0.7.tar.gz.sig
> and I get
> gpg: Signature made Mon Apr 29 10:49:01 2002 MDT using DSA key ID 57548DCD
> gpg: Can't check signature: public key not found
>
> So how do I get the key and insert it on my keyring?
The simplest thing is to edit '~/.gnupg/options'. Near the end there is
an option to set a keyserver. Uncoment it and choose a key server. My
file says:
keyserver wwwkeys.pgp.net
When you need a public key that you don't have, gpg will try to fetch it
from wwwkeys.pgp.net.
In this particular case, the public key is also posted here:
http://www.gnupg.org/gnupg-sigkey.html
Highlight and save everything from "-----BEGIN PGP PUBLIC KEY BLOCK-----"
to "-----END PGP PUBLIC KEY BLOCK-----" to a file - say 'gnupg.pub'. That
is the public key.
I believe that you can then save it to your keyring with:
gpg --import gnupg.pub
I hope this helps.
Daniel.