having trouble checking the signature of a downloaded file

Henry nbsd4ever at gmail.com
Wed Feb 21 10:37:40 CET 2018

I downloaded a tarball ***6.4.tar.gz, it's signature file
***6.4.tar.gz.sig, and the author's public key ******.pgp from a
well-known site.

I imported the public key: `gpg --import ******.pgp`.
For some reason, two keys were "skipped":
   gpg: key 0C0B590E80CA15A7: 2 signatures not checked due to missing keys
   gpg: key 0C0B590E80CA15A7: "Author's Name <author at xxxxxx.org>
   gpg: Total number processed: 3
   gpg:     skipped PGP-2 keys: 2
   gpg:              unchanged: 1

I tried to verify the downloaded file, but the check failed:
`gpg --verify ***6.4.tar.gz.sig ***6.4.tar.gz`
   gpg: Signature made Tue May  4 23:03:11 2004 JST
   gpg:                using RSA key DC80F2A6D5327CB9
   gpg: Can't check signature: No public key

This is the first time for this to happen, so I have no idea what I
might be doing
wrong.  Any help or suggestions much appreciated.  TIA


More information about the Gnupg-users mailing list