GPG Key ( nginx_signing.key) file does not contain the key to verify the tar file

t.nishiyori
Not able to verify the latest source of mainline and stable versions of
NGINX with gpg key ( http://nginx.org/keys/nginx_signing.key ). I am using
Gpg4win Kleopatra. I uploaded this nginx_signing.key file, then changed the
owner trust under certificates.  Then verified the source (tar file and the
.asc file) by file -> decrypt/verify. The message was, the key used to sign
the source is not found in the nginx_signing.key file.

Please let me know how to verify nginx source with GPG in Windows.
Thanks.

I also tried to do this by checking for the key in key servers. Not able to
find the key that is used to sign the source tar file.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,273729,273729#msg-273729

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Re: GPG Key ( nginx_signing.key) file does not contain the key to verify the tar file

Maxim Dounin
Hello!

On Wed, Apr 19, 2017 at 12:18:07PM -0400, Kumudini Ponnuthurai wrote:

> Not able to verify the latest source of mainline and stable versions of
> NGINX with gpg key ( http://nginx.org/keys/nginx_signing.key ). I am using
> Gpg4win Kleopatra. I uploaded this nginx_signing.key file, then changed the
> owner trust under certificates.  Then verified the source (tar file and the
> .asc file) by file -> decrypt/verify. The message was, the key used to sign
> the source is not found in the nginx_signing.key file.
>
> Please let me know how to verify nginx source with GPG in Windows.
> Thanks.
>
> I also tried to do this by checking for the key in key servers. Not able to
> find the key that is used to sign the source tar file.

There is more than one PGP key used.  Full list of keys is here:

http://nginx.org/en/pgp_keys.html

Most of the recent releases are signed by me, key is at
http://nginx.org/keys/mdounin.key.  Key fingerprint is:
B0F4 2533 73F8 F6F5 10D4  2178 520A 9993 A1C0 52F8.

--
Maxim Dounin
http://nginx.org/
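
The check described in the reply above, as an added example that is not part of the original thread: import the signer's key into a throwaway keyring, compare it with the fingerprint quoted in the reply, then verify the detached signature and confirm which key made it. It assumes gpg.exe from Gpg4win is on PATH; the tarball name is a placeholder and the variable names are illustrative.

```powershell
# Added example. Assumes gpg.exe (shipped with Gpg4win) is on PATH.
$Tarball   = 'nginx-X.Y.Z.tar.gz'     # placeholder: the release you downloaded
$Signature = "$Tarball.asc"           # detached signature from the same download page
$KeyUrl    = 'http://nginx.org/keys/mdounin.key'
# Fingerprint as quoted in the reply above, spaces removed.
$Expected  = 'B0F4253373F8F6F510D42178520A9993A1C052F8'

# Throwaway keyring: only the key imported here can satisfy the check.
$GpgHome = Join-Path $env:TEMP ('nginx-verify-' + [guid]::NewGuid())
New-Item -ItemType Directory -Path $GpgHome | Out-Null

try {
    $KeyFile = Join-Path $GpgHome 'mdounin.key'
    Invoke-WebRequest -Uri $KeyUrl -OutFile $KeyFile
    & gpg --homedir $GpgHome --batch --quiet --import $KeyFile
    if ($LASTEXITCODE -ne 0) { throw 'gpg --import failed' }

    # Colon listing: "fpr" records carry the fingerprint in the 10th field.
    # The key file came over plain HTTP, so this comparison is what ties it
    # to the fingerprint stated in the reply.
    $Fprs = & gpg --homedir $GpgHome --batch --with-colons --fingerprint |
        Where-Object { $_ -like 'fpr:*' } |
        ForEach-Object { ($_ -split ':')[9] }
    if ($Fprs -notcontains $Expected) { throw "Imported key is not $Expected" }

    # --status-fd 1 emits machine-readable [GNUPG:] lines on stdout.
    $Status = & gpg --homedir $GpgHome --batch --status-fd 1 `
        --verify $Signature $Tarball 2>$null

    $Valid = $Status | Where-Object { $_ -match '^\[GNUPG:\] VALIDSIG ' } |
        Select-Object -First 1
    if ($Valid) {
        # Field 3 is the signing key fingerprint, the last field the primary key.
        $Fields = $Valid -split ' '
        if ($Fields[2] -ne $Expected -and $Fields[-1] -ne $Expected) {
            throw 'Signature is valid but was made by a different key'
        }
        Write-Output "OK: $Tarball signed by $Expected"
    } else {
        # NO_PUBKEY names the key ID that signed the file: the situation in the
        # original question, where the imported key is not the signer's key.
        $Missing = $Status | Where-Object { $_ -match '^\[GNUPG:\] NO_PUBKEY ' }
        if ($Missing) { throw "Signed by another key: $Missing (see pgp_keys.html)" }
        throw 'Signature verification failed'
    }
} finally {
    Remove-Item -Recurse -Force $GpgHome -ErrorAction SilentlyContinue
}
```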