having trouble checking the signature of a downloaded file

Henry nbsd4ever at gmail.com
Thu Feb 22 23:03:54 CET 2018

2018-02-21 20:56 GMT+09:00 Kristian Fiskerstrand
<kristian.fiskerstrand at sumptuouscapital.com>:
> On 02/21/2018 11:53 AM, Peter Lebbing wrote:
> Touché :) Indeed, didn't notice it was an old file/signature , then
> gnupg 1.4 is the recommended official suggestion presuming established
> validity of key material etc etc.

gpg (GnuPG) 1.4.22 does give more information, but no success; see
below.  May I assume that nothing
can be done other than to request the author to remedy the situation?
Thanks all.


result of using gnupg 1.4:
% gpg1 --import D5327CB9.key
gpg: key D5327CB9: "author <author at xxx.org>" not changed
gpg: Note: signatures using the MD5 algorithm are rejected
gpg: key D5327CB9: no valid user IDs
gpg: this may be caused by a missing self-signature
gpg: Total number processed: 2
gpg:           w/o user IDs: 1
gpg:              unchanged: 1

% gpg1 --verify ***6.4.tar.gz.sig ***6.4.tar.gz
gpg: Signature made Tue May  4 23:03:11 2004 JST using RSA key ID D5327CB9
gpg: Can't check signature: public key not found

More information about the Gnupg-users mailing list