having trouble checking the signature of a downloaded file

Kristian Fiskerstrand kristian.fiskerstrand at sumptuouscapital.com
Wed Feb 21 12:56:03 CET 2018

On 02/21/2018 11:53 AM, Peter Lebbing wrote:
> On 21/02/18 10:48, Kristian Fiskerstrand wrote:
>>>    gpg: Signature made Tue May  4 23:03:11 2004 JST
>> [...]
>> The author should sign the package using a more modern and secure keyblock.
> Note that not the key, but the /signature/ is made 14 years ago. So
> we're talking about verifying the integrity of a really old file. The
> author might not be available anymore or willing to expend any effort.

Touché :) Indeed, didn't notice it was an old file/signature , then
gnupg 1.4 is the recommended official suggestion presuming established
validity of key material etc etc.

Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
Dura necessitas
Necessity is harsh

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180221/97631710/attachment.sig>

More information about the Gnupg-users mailing list