gpg --verify archlinux-2017.07.01-x86_64.iso.sig
gpg: assuming signed data in 'archlinux-2017.07.01-x86_64.iso'
gpg: Signature made Sat Jul 1 03:19:25 2017 EDT
gpg: using RSA key 4AA4767BBC9C4B1D18AE28B77F2D434B9741E8AC
gpg: Can't check signature: No public key
I am curious about the key that it says it was signed with. On Debian it says the signing key is: 4AA4767BBC9C4B1D18AE28B77F2D434B9741E8AC
But on KNOPPIX it says: 9741E8AC
So, is the key 4AA4767BBC9C4B1D18AE28B77F2D434B9741E8AC fine?
Last edited by soaringowl2145 (2017-07-25 22:02:27)
Offline
On Debian it says the signing key is: 4AA4767BBC9C4B1D18AE28B77F2D434B9741E8AC But on KNOPPIX it says: 9741E8AC
So, is the key 4AA4767BBC9C4B1D18AE28B77F2D434B9741E8AC fine?
Yep, that's Pierre's key. The full fingerprint is usually used as an ID but sometimes only the last 8 digits are used instead.
My Arch Linux Stuff • Forum Etiquette • Community Ethos - Arch is not for everyone
Offline
Thank you!
Offline
A side note: you should not use only the last 32 bits (8 hexadecimal digits) for working with keys. Use either the full fingerprints or at least the 64-bit IDs.
32-bit ones are effectively dead, with collisions obtainable within dozens of seconds and fake keys of Linux devs already found in the wild. All up-to-date software should have dropped the 32-bit IDs, so on Arch Linux the issue is usually solved, but if you use other operating systems with outdated programs, you should be aware of the problem.
Paperclips in avatars?
NIST on password policies (PDF) — see §3.1.1.2
Sometimes I seem a bit harsh — don’t get offended too easily!
Offline
Yeah, you'll probably want to make sure your gpg binary uses --with-fingerprint --keyid-format long by default (e.g. set these options in your ~/.gnupg/gpg.conf).
Managing AUR repos The Right Way -- aurpublish (now a standalone tool)
Offline
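The point made in the last two posts, as an added example that is not part of the original thread: pin the full fingerprint quoted above and compare it against what gpg reports, instead of matching the 8-digit ID. The status lines are constructed for illustration, and the code assumes gpg was run with `--status-fd` so that the first field of `VALIDSIG` is the signing key's fingerprint.

```python
import re

# Full fingerprint quoted in the thread for the ISO signing key.
PINNED_FPR = "4AA4767BBC9C4B1D18AE28B77F2D434B9741E8AC"
HEX40 = re.compile(r"^[0-9A-F]{40}$")


def key_ids(fingerprint):
    """Return (64-bit long ID, 32-bit short ID) of a 40-hex-digit fingerprint."""
    fpr = fingerprint.replace(" ", "").upper()
    if not HEX40.match(fpr):
        raise ValueError("expected a 40-hex-digit fingerprint")
    return fpr[-16:], fpr[-8:]


def signer_fingerprints(status_text):
    """Collect signing-key fingerprints from '[GNUPG:] VALIDSIG' lines."""
    found = []
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[:2] == ["[GNUPG:]", "VALIDSIG"]:
            found.append(parts[2].upper())
    return found


def signed_by_pinned_key(status_text, pinned=PINNED_FPR):
    """Strong check: at least one valid signature, all from the pinned key."""
    fprs = signer_fingerprints(status_text)
    return bool(fprs) and all(f == pinned for f in fprs)


def short_id_match(status_text, pinned=PINNED_FPR):
    """Weak check, shown for contrast: compares only the last 8 hex digits."""
    short = key_ids(pinned)[1]
    return any(f.endswith(short) for f in signer_fingerprints(status_text))


# Constructed status output, not captured from a real gpg run.
GENUINE = ("[GNUPG:] VALIDSIG 4AA4767BBC9C4B1D18AE28B77F2D434B9741E8AC "
           "2017-07-01 1498893565 0 4 0 1 8 00 "
           "4AA4767BBC9C4B1D18AE28B77F2D434B9741E8AC")
# Constructed fingerprint that shares only the short ID 9741E8AC.
LOOKALIKE = ("[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF9741E8AC "
             "2017-07-01 1498893565 0 4 0 1 8 00 "
             "0123456789ABCDEF0123456789ABCDEF9741E8AC")

if __name__ == "__main__":
    for name, text in (("genuine", GENUINE), ("lookalike", LOOKALIKE)):
        print(name, "short-ID match:", short_id_match(text),
              "| full-fingerprint match:", signed_by_pinned_key(text))
```

The lookalike passes the 8-digit comparison and fails the full-fingerprint one, which is the difference the side note warns about.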