Kurt Roeckx dijo [Wed, Jul 25, 2018 at 05:49:09AM +0200]: > This file really isn't usable, it's not a detached signature. It > can not be used to verify ksp-dc18.txt. > > When verifying it, you get: > $ gpg --verify ksp-dc18.txt.asc > gpg: Signature made Tue 24 Jul 2018 02:08:48 AM CEST > gpg: using RSA key AB41C1C68AFD668CA045EBF8673A03E4C1DB921F > gpg: Good signature from "Gunnar Eyal Wolf Iszaevich <gwolf@debian.org>" [full] > gpg: aka "Gunnar Eyal Wolf Iszaevich <gwolf@gwolf.org>" [full] > gpg: aka "Gunnar Eyal Wolf Iszaevich (Instituto de Investigaciones Económicas UNAM) <gwolf@iiec.unam.mx>" [full] > gpg: WARNING: not a detached signature; file 'ksp-dc18.txt' was NOT verified! > > $ gpg --verify ksp-dc18.txt.asc ksp-dc18.txt > gpg: not a detached signature > > We need to verify the ksp-dc18.txt file, that's the file we'll all > compute the SHA256 for. Just adding to what Julian said: $ GET https://people.debian.org/~gwolf/ksp-dc18/ksp-dc18.txt | sha256sum 7bc15a0bce48ebe990a650a88d6ab48264394a615cdc377805fda98e575bf189 - $ GET https://people.debian.org/~gwolf/ksp-dc18/ksp-dc18.txt.asc | gpg -v | sha256sum gpg: WARNING: no command supplied. Trying to guess what you mean ... gpg: armor header: Hash: SHA256 gpg: original file name='' gpg: Signature made Tue 24 Jul 2018 08:08:48 AM CST gpg: using RSA key AB41C1C68AFD668CA045EBF8673A03E4C1DB921F gpg: using pgp trust model gpg: Good signature from "Gunnar Eyal Wolf Iszaevich <gwolf@debian.org>" [unknown] gpg: aka "Gunnar Eyal Wolf Iszaevich <gwolf@gwolf.org>" [unknown] gpg: aka "Gunnar Eyal Wolf Iszaevich (Instituto de Investigaciones Económicas UNAM) <gwolf@iiec.unam.mx>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: AB41 C1C6 8AFD 668C A045 EBF8 673A 03E4 C1DB 921F gpg: textmode signature, digest algorithm SHA256, key algorithm rsa4096 7bc15a0bce48ebe990a650a88d6ab48264394a615cdc377805fda98e575bf189 -
Attachment:
signature.asc
Description: PGP signature