gpg --verify fails, no key?

mailinglisten at posteo.de mailinglisten at posteo.de
Sun Feb 20 20:38:48 CET 2022


Hi there,

when trying this:

gpg --verify gnupg-2.3.4.tar.bz2.sig gnupg-2.3.4.tar.bz2

I get that:

gpg: Signature made Mo 20 Dez 2021 22:52:45 CET
gpg:                using EDDSA key 6DAA6E64A76D2840571B4902528897B826403ADA
gpg: Good signature from "Werner Koch (dist signing 2020)" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the
owner.
Primary key fingerprint: 6DAA 6E64 A76D 2840 571B  4902 5288 97B8 2640 3ADA
gpg: Signature made Di 21 Dez 2021 07:20:39 CET
gpg:                using EDDSA key AC8E115BF73E2D8D47FA9908E98E9B2D19C6C8BD
gpg: Can't check signature: No public key


First gpg says, good signature, then it says "no public key"?
Has the tarball been signed with two keys?
Verification was tried using gpg 2.3.1

Thanks!



More information about the Gnupg-users mailing list