verify TrueCrypt

Marco Dorigo M.Dorigo at gmx.de
Wed Feb 22 14:48:34 CET 2012 

Thanks guys! finally, it worked!

> I guess that the signature file is broken.

That was the problem. After downloading it again, everything just worked fine. And I skipped the 

> trust

part of my description which I wrote down in my first mail!


regards,

md



-------- Original-Nachricht --------
> Datum: Wed, 22 Feb 2012 13:53:27 +0100
> Von: Hauke Laging <mailinglisten at hauke-laging.de>
> An: gnupg-users at gnupg.org
> CC: "Marco Dorigo" <M.Dorigo at gmx.de>
> Betreff: Re: verify TrueCrypt

> Am Mittwoch, 22. Februar 2012, 10:15:50 schrieb Marco Dorigo:
> 
> > I followed the howto on truecrypt
> > (http://www.truecrypt.org/docs/?s=digital-signatures)
> 
> That description contains an "error". And you misunderstood something:
> 
> "Sign the imported key with your private key to mark it as trusted". "To"
> mark 
> ist trusted, not "and" mark it trusted. The trust you have set is
> something 
> completely different (regarding the web of trust).
> 
> The "error" is: "If you skip this step and attempt to verify any of our
> PGP 
> signatures, you will receive an error message stating that the signing key
> is 
> invalid."
> 
> The error message just tells you that this key is not considered valid
> yet. It 
> does tell you that the signature has been made by that key. And that's all
> you 
> need. It usually does not make much sense to sign a key which you have not
> checked. My advice: Either delete the signature or use the signing key for
> "worthless" signatures only (and in a way that makes sure you are not 
> confused).
> 
> 
> > Because when I'm trying to verify it
> > gpg --verify truecrypt-7.1a-linux-x64.tar.gz.sig
> > truecrypt-7.1a-linux-x64.tar.gz it just says:
> > gpg: verify signatures failed: eof
> 
> I guess that the signature file is broken. Download it again. If the
> signed 
> file were broken then the error message should say that the signature is 
> wrong.
> 
> What is the size of the signature file and what is the type of the signing
> key? I assume that if the signature file is incomplete then somebody here
> can 
> tell already by the length.
> 
> We need the output of
> gpg --list-keys
> (for the TrueCrypt key only)
> 
> 
> Hauke
> -- 
> PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
-- 
 
 Marco Dorigo

 mail: m.dorigo at gmx.de
 mobil: 0177-8905323

Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir
belohnen Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de

More information about the Gnupg-users mailing list