having trouble checking the signature of a downloaded file

Kristian Fiskerstrand kristian.fiskerstrand at sumptuouscapital.com
Thu Feb 22 23:13:42 CET 2018 

On 02/22/2018 11:03 PM, Henry wrote:
> 2018-02-21 20:56 GMT+09:00 Kristian Fiskerstrand
> <kristian.fiskerstrand at sumptuouscapital.com>:
>> On 02/21/2018 11:53 AM, Peter Lebbing wrote:
>> Touché :) Indeed, didn't notice it was an old file/signature , then
>> gnupg 1.4 is the recommended official suggestion presuming established
>> validity of key material etc etc.
> 
> gpg (GnuPG) 1.4.22 does give more information, but no success; see
> below.  May I assume that nothing
> can be done other than to request the author to remedy the situation?
> Thanks all.
> 

--allow-weak-digest-algos
Signatures made with known-weak digest algorithms are normally
allows the verification of signatures made with such weak algorithms.
MD5 is the only digest algorithm considered weak by default.

> Henry
> 
> result of using gnupg 1.4:
> % gpg1 --import D5327CB9.key
> gpg: key D5327CB9: "author <author at xxx.org>" not changed
> gpg: Note: signatures using the MD5 algorithm are rejected
> gpg: key D5327CB9: no valid user IDs
> gpg: this may be caused by a missing self-signature
> gpg: Total number processed: 2
> gpg:           w/o user IDs: 1
> gpg:              unchanged: 1
> 
> % gpg1 --verify ***6.4.tar.gz.sig ***6.4.tar.gz
> gpg: Signature made Tue May  4 23:03:11 2004 JST using RSA key ID D5327CB9
> gpg: Can't check signature: public key not found
> 


-- 
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"The laws of Australia prevail in Australia, I can assure you of that.
The laws of mathematics are very commendable, but the only laws that
applies in Australia is the law of Australia."
(Malcolm Turnbull, Prime Minister of Australia).

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180222/5da66587/attachment-0001.sig>

More information about the Gnupg-users mailing list