[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: verify gpg sigs



OK, maybe I figured it out...

tim@link:~$ gpg --import tarsnap-signing-key.asc
gpg: key 3DD61E72: public key "Tarsnap source code signing key (Colin Percival) <cperciva@tarsnap.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
gpg: no ultimately trusted keys found
tim@link:~$ gpg tarsnap-sigs-1.0.25.asc
gpg: Signature made Fri 10 Jul 2009 01:46:39 PM CDT using RSA key ID 3DD61E72
gpg: Good signature from "Tarsnap source code signing key (Colin Percival) <cperciva@tarsnap.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: ADBD A177 656F D522 8E34  C456 56A4 286A 3DD6 1E72

-Tim

On Fri, Aug 14, 2009 at 10:22 AM, Tim Morgan <tim@timmorgan.org> wrote:
I'm ashamed to admit I've never verified a gpg signature in my life. Some help would be appreciated...

tim@link:~$ gpg --verify tarsnap-signing-key.asc tarsnap-sigs-1.0.25.asc
gpg: verify signatures failed: unexpected data

What am I doing wrong?