#408 Help to verify the .exe file

Milestone: v1.0_(example)
Status: closed
Owner: nobody
Labels: Verify (1)
Priority: 1
Updated: 2014-05-09
Created: 2014-04-09
Creator: Matt Postiff
Private: No

Newbie here. Downloaded pwsafe-3.33.exe and the exe.sig file. Tried using kleopatra to verify, using .sig file as detached signature, exe file as signed data, and Rony's key id=FA175557.

It says "Not enough information to check signature validity. Signed on 2014-02-07 03:11 with unknown certificate 0x919464515CCF8BB3. The signature is invalid: No public certificate to verify the signature."

Discussion

  • Rony Shapiro
    2014-04-09

    What you're seeing means that the signature shows that the file was untampered, but kleopatra was unable to verify that the signature was indeed generated by me.

    The keyid FA175557 is not that of the key I used to generate the signature. Unfortunately, that key was generated in 2006 and is too weak (1024 bits) by today's standards to be considered secure.

    You should be able to download the key with keyid 5CCF8BB3 from a gpg keyserver (for example, http://keyserver.pgp.com/vkd/GetWelcomeScreen.event) and add it to kleopatra's list of keys. Once you do so, it will verify correctly.
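
The key ID mismatch discussed above can be checked directly: this added example (not part of the original thread and not Password Safe project code) reads the issuer key ID out of a binary v4 detached signature and compares it with a key ID you hold. The function names and the sample packet are constructed for illustration; the key IDs are the ones quoted in the thread.

```python
import struct

def _subpackets(area: bytes):
    """Yield (type, data) for each signature subpacket in a subpacket area."""
    i = 0
    while i < len(area):
        n = area[i]; i += 1                      # 1-, 2- or 5-octet length
        if 192 <= n < 255:
            n = ((n - 192) << 8) + area[i] + 192; i += 1
        elif n == 255:
            n = struct.unpack(">I", area[i:i + 4])[0]; i += 4
        if n == 0 or i + n > len(area):
            raise ValueError("malformed subpacket")
        yield area[i] & 0x7F, area[i + 1:i + n]  # mask off the critical bit
        i += n

def issuer_key_id(sig: bytes) -> str:
    """Return the 64-bit issuer key ID (hex) from a binary v4 detached signature."""
    if len(sig) < 4 or not sig[0] & 0x80:
        raise ValueError("not a binary OpenPGP packet (ASCII-armored input?)")
    if sig[0] & 0x40:                            # new-format packet header
        tag, off = sig[0] & 0x3F, (2 if sig[1] < 192 else 3 if sig[1] < 224 else 6)
    else:                                        # old-format packet header
        tag, off = (sig[0] >> 2) & 0x0F, 1 + (1, 2, 4, 0)[sig[0] & 3]
    if tag != 2:
        raise ValueError("first packet is not a signature packet")
    body = sig[off:]
    if body[0] != 4:
        raise ValueError("only v4 signatures are handled in this example")
    hlen = struct.unpack(">H", body[4:6])[0]     # hashed subpacket area length
    ulen = struct.unpack(">H", body[6 + hlen:8 + hlen])[0]
    for area in (body[6:6 + hlen], body[8 + hlen:8 + hlen + ulen]):
        for kind, data in _subpackets(area):
            if kind == 16 and len(data) == 8:    # Issuer subpacket
                return data.hex().upper()
    raise ValueError("no issuer key ID in signature")

def made_by(issuer: str, key_id: str) -> bool:
    """True if key_id (8 or 16 hex digits, optional 0x) names the issuer key."""
    wanted = key_id.upper().replace("0X", "", 1)
    return len(wanted) in (8, 16) and issuer.endswith(wanted)

# Constructed sample packet; timestamp and signature bytes are zeroed placeholders.
_hashed = bytes([5, 2]) + bytes(4)                              # creation time
_unhashed = bytes([9, 16]) + bytes.fromhex("919464515CCF8BB3")  # issuer key ID
_body = (bytes([4, 0x00, 1, 8]) + struct.pack(">H", len(_hashed)) + _hashed
         + struct.pack(">H", len(_unhashed)) + _unhashed + bytes(4))
SAMPLE_SIG = bytes([0x89]) + struct.pack(">H", len(_body)) + _body
```

A key ID match only tells you which key to fetch; short IDs are easy to collide, so confirm the full fingerprint through a channel you trust before relying on the verification result.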

     
  • Rony Shapiro
    2014-05-09

    Nothing else to do here.

     
  • Rony Shapiro
    2014-05-09

    • status: open --> closed