mailinglisten at hauke-laging.de
Wed Feb 22 13:53:27 CET 2012
Am Mittwoch, 22. Februar 2012, 10:15:50 schrieb Marco Dorigo:
> I followed the howto on truecrypt
That description contains an "error". And you misunderstood something:
"Sign the imported key with your private key to mark it as trusted". "To" mark
ist trusted, not "and" mark it trusted. The trust you have set is something
completely different (regarding the web of trust).
The "error" is: "If you skip this step and attempt to verify any of our PGP
signatures, you will receive an error message stating that the signing key is
The error message just tells you that this key is not considered valid yet. It
does tell you that the signature has been made by that key. And that's all you
need. It usually does not make much sense to sign a key which you have not
checked. My advice: Either delete the signature or use the signing key for
"worthless" signatures only (and in a way that makes sure you are not
> Because when I'm trying to verify it
> gpg --verify truecrypt-7.1a-linux-x64.tar.gz.sig
> truecrypt-7.1a-linux-x64.tar.gz it just says:
> gpg: verify signatures failed: eof
I guess that the signature file is broken. Download it again. If the signed
file were broken then the error message should say that the signature is
What is the size of the signature file and what is the type of the signing
key? I assume that if the signature file is incomplete then somebody here can
tell already by the length.
We need the output of
(for the TrueCrypt key only)
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 555 bytes
Desc: This is a digitally signed message part.
More information about the Gnupg-users