You are not logged in.

#1 2014-02-24 03:21:28

McRib08
Member
Registered: 2014-02-23
Posts: 2

verify public key

New to archlinux and unfamiliar with how to verify signatures using public keys.  I've gotten this far:

gpg: assuming signed data in `./archlinux-2014.02.01-dual.iso'
gpg: Signature made Sat 01 Feb 2014 01:12:03 PM MST using RSA key ID 9741E8AC
gpg: using PGP trust model
gpg: Good signature from "Pierre Schmitz <pierre@archlinux.de>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 4AA4 767B BC9C 4B1D 18AE  28B7 7F2D 434B 9741 E8AC
gpg: binary signature, digest algorithm SHA1

As I understand it, now I need to make sure the public key is valid.

Any help is appreciated.

Offline

#2 2014-02-24 03:37:17

karol
Archivist
Registered: 2009-05-06
Posts: 25,440

Re: verify public key

https://www.archlinux.org/developers/#pierre
Seems fine :-)

4AA4 767B BC9C 4B1D 18AE  28B7 7F2D 434B 9741 E8AC = 4aa4767bbc9c4b1d18ae28b77f2d434b9741e8ac
RSA key ID 9741E8AC = PGP Key:     0x9741E8AC

Offline

#3 2014-02-24 03:37:21

/dev/zero
Member
From: Melbourne, Australia
Registered: 2011-10-20
Posts: 1,247
Website

Re: verify public key

The only way to get rid of that message is if the owner of the key gets it signed by other gpg users. Hint: hardly anyone does this, it requires organising a key-signing party. The current message you're getting is about as good as you are going to get.

Offline

#4 2014-02-24 04:04:25

McRib08
Member
Registered: 2014-02-23
Posts: 2

Re: verify public key

Thanks for the responses.  Your explanations and assurances are good enough for me!

Offline

#5 2014-02-24 04:55:08

Pierre
Developer
From: Bonn
Registered: 2004-07-05
Posts: 1,956
Website

Re: verify public key

You are asking the right questions. I once wrote an article about this: https://pierre-schmitz.com/trust-the-master-keys/

For my key you can check e.g. my blog and its ssl cert, previous posts by me, CAcert etc..

Offline

Board footer

Powered by FluxBB