Copy Current GPG Installation to Another Server

Doug Barton dougb at dougbarton.email
Tue Mar 17 21:27:32 CET 2015


Please keep things on the list so that the most users can be helped.

You need to run the --recv-key command first, or the --verify command 
will continue to fail.

Try this:

gpg --keyserver hkp://pool.sks-keyservers.net --recv-key 4F25E3B6

Doug


On 3/17/15 1:23 PM, Clark Rivard wrote:
> Doug
>
> I ran the verify command and then tried the recv-key command but it came back with these messages
>
> 	"no keyserver known <use option --keyserver>"
> 	"keyserver receive failed: bad URI"
>
> I looked up the keyserver option but don’t know what keyserver name to use?
>
> Thanks.
>
>
> -----Original Message-----
> From: Doug Barton [mailto:dougb at dougbarton.email]
> Sent: Tuesday, March 17, 2015 3:07 PM
> To: Clark Rivard
> Subject: Re: Copy Current GPG Installation to Another Server
>
> You need to download the key referenced in the first message:
>
> gpg --recv-key 4F25E3B6
>
> then do your verify command again:
>
> gpg --verify gnupg-w32cli-1.4.19.exe.sig gnupg-w32cli-1.4.19.exe
>
> and you should get a result like this:
>
> gpg: Signature made Fri Feb 27 00:55:58 2015 PST using RSA key ID 4F25E3B6
> gpg: Good signature from "Werner Koch (dist sig)" [unknown]
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the
> owner.
>
> You can safely ignore the warning, it simply means that you have not validated the key yourself, which when it comes to signed packages is not really a necessity.
>
> hope this helps,
>
> Doug
>
>
> On 3/17/15 12:17 PM, Clark Rivard wrote:
>> Thanks for your fast response, Doug.
>>
>> I am new to this so am struggling through for the first time.
>>
>> I downloaded Version 1.4.19 and am "Checking the Integrity".  I have a version of gpg installed (by someone else a long time ago).
>> I ran the "gpg" command to check whether the signature file matches
>> the source file.  I get two messages back
>>
>> 	"Signature made 02/27/15 03:55:58 using RSA key ID...		
>> 	"Can't check signature: public key not found"
>>
>> The ID shown with the first message is a valid ID for Werner Koch per the documentation I have.
>> The second line confuses me - makes me wonder if the integrity has been checked.
>>
>> Has the integrity been properly checked or do I need to do more?   Any help you can provide is much appreciated.
>>
>> Clark
>>
>>
>> -----Original Message-----
>> From: Doug Barton [mailto:dougb at dougbarton.email]
>> Sent: Tuesday, March 17, 2015 1:16 PM
>> To: Clark Rivard; gnupg-users at gnupg.org
>> Subject: Re: Copy Current GPG Installation to Another Server
>>
>> On 3/17/15 7:23 AM, Clark Rivard wrote:
>>> I currently have GPG 1.4.8 installed on a Windows server.  Can the
>>> c:\Programs Files (x86)\GNU\ directory simply be copied to another
>>> server and used or do I need to go through the “download and
>>> installation” process on the new server? Thanks.
>>
>> 1.4.8 is dangerously old. You should download the new version and install in both locations.
>>
>> ftp://ftp.gnupg.org/gcrypt/binary/
>>
>> hope this helps,
>>
>> Doug
>>
>




More information about the Gnupg-users mailing list