#1 2012-01-19 12:57:58

wombat23
Member
Registered: 2011-01-14
Posts: 46

Some questions about Key-Signing

I'm testing the new key-signing feature. A few questions came up that weren't mentioned in the wiki (I must admit I am not familiar with the matter yet):

1) Trying to sign the master key 0x4C7EA887, I get the following message:

pub  3072R/4C7EA887  created: 2011-11-25  expires: never       usage: SC  
                     trust: marginal      validity: full
This key was revoked on 2011-11-25 by RSA key 4C7EA887 Ionut Biru (Arch Linux Master Key) <ionut@master-key.archlinux.org>
sub  1024R/93F91AC3  created: 2011-11-25  revoked: 2011-11-25  usage: E   
This key was revoked on 2011-11-25 by RSA key 4C7EA887 Ionut Biru (Arch Linux Master Key) <ionut@master-key.archlinux.org>
sub  3072R/B20030F3  created: 2011-11-25  revoked: 2011-11-25  usage: A   
[  full  ] (1). Ionut Biru (Arch Linux Master Key) <ionut@master-key.archlinux.org>

Can the key still be trusted?

2) I tried installing a new package and got this:

(1/1) checking package integrity                   [######################] 100%
error: firefox-adblock-plus: key "65C110C1EA433FC7" is unknown
:: Import PGP key EA433FC7, "Sergej Pupykin <ml@sergej.pp.ru>", created 2011-07-15? [Y/n]

Does this mean that the key EA433FC7 is not trusted?

3) Is there a way to check the packages already installed retrospectively for their signature?

Offline

#2 2012-01-19 13:07:39

karol
Archivist
Registered: 2009-05-06
Posts: 25,440

Re: Some questions about Key-Signing

2. https://bbs.archlinux.org/viewtopic.php … 0#p1043170

wonder wrote:

is ok, master keys != packager keys.

just import keys when pacman asks.

Last edited by karol (2012-01-19 13:08:44)

Offline

#3 2012-01-19 13:18:41

wombat23
Member
Registered: 2011-01-14
Posts: 46

Re: Some questions about Key-Signing

So for 2), do I get a warning whether the key is signed by 3 of the master keys or not?

Offline

#4 2012-01-19 13:26:15

Allan
Pacman
From: Brisbane, AU
Registered: 2007-06-09
Posts: 11,672
Website

Re: Some questions about Key-Signing

1) That is fine. The main key is not revoked, just the (unneeded) subkeys.

2) If you have set the trust level for the master keys to marginal, any key that is not signed by three master keys will be untrusted.

Offline
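The distinction in answer 1) is easier to see in GnuPG's machine-readable listing (`--with-colons`), where each `pub` and `sub` record carries its own validity field and `r` means revoked. The following is an added example, not code from the thread; both samples are constructed from the listing in post #1, and the long key IDs are zero-padded placeholders.

```python
# Added example, not code from the thread. Both samples are constructed;
# long key IDs are zero-padded placeholders around the short IDs in post #1.
MASTER_KEY = """\
pub:f:3072:1:000000004C7EA887:1322179200:::m:::scSC:
uid:f::::1322179200::::Ionut Biru (Arch Linux Master Key) <ionut@master-key.archlinux.org>:
sub:r:1024:1:0000000093F91AC3:1322179200::::::e:
sub:r:3072:1:00000000B20030F3:1322179200::::::a:
"""

# Hypothetical contrast case: here the primary key itself is revoked.
REVOKED_PRIMARY = """\
pub:r:3072:1:00000000AAAAAAAA:1322179200:::-:::sc:
sub:r:1024:1:00000000BBBBBBBB:1322179200::::::e:
"""


def summarize(listing):
    """Return one dict per primary key found in a --with-colons listing."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if len(f) < 12:          # uid and other short records are skipped
            continue
        # Field 1: record type, 2: validity, 5: key ID, 12: capabilities.
        rec, validity, keyid, caps = f[0], f[1], f[4], f[11]
        if rec == "pub":
            keys.append({"keyid": keyid,
                         "primary_revoked": validity == "r",
                         "can_certify": "c" in caps,
                         "revoked_subkeys": [],
                         "live_subkeys": []})
        elif rec == "sub" and keys:
            bucket = "revoked_subkeys" if validity == "r" else "live_subkeys"
            keys[-1][bucket].append(keyid)
    return keys


def usable_for_certification(key):
    # Per the thread, a master key only signs packager keys, so revoked
    # encryption/authentication subkeys do not affect it; only the state
    # of the primary (certifying) key matters.
    return key["can_certify"] and not key["primary_revoked"]


if __name__ == "__main__":
    for sample in (MASTER_KEY, REVOKED_PRIMARY):
        for key in summarize(sample):
            print(key["keyid"], "usable:", usable_for_certification(key),
                  "revoked subkeys:", key["revoked_subkeys"])
```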

#5 2012-01-19 22:45:36

wombat23
Member
Registered: 2011-01-14
Posts: 46

Re: Some questions about Key-Signing

Allan wrote:

1) That is fine. The main key is not revoked, just the (unneeded) subkeys.

Oh, that was confusing. I thought "this" was referring to the line above it.

2) If you have set the trust level for the master keys to marginal, any key that is not signed by three master keys will be untrusted.

Yes, but does pacman warn me if the key is untrusted?

Offline

#6 2012-01-19 23:29:35

Leonid.I
Member
From: Aethyr
Registered: 2009-03-22
Posts: 999

Re: Some questions about Key-Signing

It'll just quit with "corrupted signature". But only provided you have TrustedOnly in your pacman.conf.


Arch Linux is more than just GNU/Linux -- it's an adventure
pkill -9 systemd

Offline
