Dumb Question

Daniel Carrera dcarrera@math.toronto.edu
Tue Aug 6 01:15:02 2002

> Ok to you users of GPG this is surely a dumb question,

No such thing as a dumb question. :-)

> Ive just pulled the current GNUPG sources and the *.sig file.
> Lets assume I have a running gpg, so HOW do I go about checking the sig?
> I tried
> 	gpg gnupg-1.0.7.tar.gz.sig
> and I get
> 	gpg: Signature made Mon Apr 29 10:49:01 2002 MDT using DSA key ID 57548DCD
> 	gpg: Can't check signature: public key not found
> So how do I get the key and insert it on my keyring?

The simplest thing is to edit '~/.gnupg/options'.  Near the end there is
an option to set a keyserver.  Uncoment it and choose a key server.  My
file says:

keyserver wwwkeys.pgp.net

When you need a public key that you don't have, gpg will try to fetch it
from wwwkeys.pgp.net.

In this particular case, the public key is also posted here:

Highlight and save everything from "-----BEGIN PGP PUBLIC KEY BLOCK-----"
to "-----END PGP PUBLIC KEY BLOCK-----" to a file - say 'gnupg.pub'.  That
is the public key.

I believe that you can then save it to your keyring with:

gpg --import gnupg.pub

I hope this helps.