nPth signature

Ming Kuang ming at imkuang.com
Sat Aug 12 08:09:26 CEST 2023


On 2023-08-12 10:45, Daniel Rostovtsev via Gnupg-users wrote:
> Hi gnupg-users, 
> 
> I think that nPth is might be signed with an expired signature. 
> Is this a problem? 
> 
> Thanks! 
> 
> P.S. 
> I downloaded from https://gnupg.org/ftp/gcrypt/npth/npth-1.6.tar.bz2 and https://gnupg.org/ftp/gcrypt/npth/npth-1.6.tar.bz2.sig 
> This is what I see when I run  
> 
>> gpg ---verify npth-1.6.tar.bz2.sig 
> 
> When I run with a trusted gpg. 
> 
> gpg: assuming signed data in 'npth-1.6.tar.bz2' 
> gpg: Signature made Mon Jul 16 07:37:23 2018 UTC 
> gpg:                using RSA key D8692123C4065DEA5E0F3AB5249B39D24F25E3B6 
> gpg: Good signature from "Werner Koch (dist sig)" [expired] 
> gpg: Note: This key has expired! 
> Primary key fingerprint: D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25 E3B6 

Here's a note about these old expired keys: https://www.gnupg.org/signature_key.html
The key with fingerprint 4F25 E3B6 is not listed on that page, but I checked that it is indeed
included in that old public key block: https://gnupg.org/devel/old-signature-keys.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 834 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20230812/a3cfb388/attachment.sig>


More information about the Gnupg-users mailing list