verifying rpms - public key not found

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Jul 3 07:21:08 CEST 2009


On 07/03/2009 12:04 AM, Chris wrote:
> When trying to verify an rpm that I built and signed I get:
> 
> [chris at localhost ~]$ gpg
> --check-sig /home/chris/ClamStuff/clamav-0.94.1-0.1.101mdk.i586.rpm
> gpg: using PGP trust model
> gpg: key 98E6705C: accepted as trusted key
> gpg: error reading key: public key not found

--check-sig is for verifying certifications on keys, not for verifying
signatures on arbitrary data.  The man page isn't terribly clear about
that if you didn't already know it though, unfortunately :(

You're probably interested in something like gpg --verify, but i don't
know exactly how signed .rpms work (i work with .debs mostly, which have
external signatures), so hopefully someone else can pipe up with the
specifics.

hth,

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 890 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090703/ec04ede2/attachment.pgp>


More information about the Gnupg-users mailing list