[tor-talk] Problem about verify signatures
Nam Su
namfree123 at gmail.com
Sun Feb 24 11:48:19 UTC 2013
나의 iPhone에서 보냄
2013. 2. 24. 7:41 PM Fabian Keil <freebsd-listen at fabiankeil.de> wrote:
> Nam Su <namfree123 at gmail.com> wrote:
>
>> When I tried to verify signatures with GPA, gpg frontend, it was failed.
>> I download Tor packages in torproject.org https version.
>>
>> Strangely, when I tried to verify with GPG command line, it was success.
>
> Using gpg directly seems to be the recommended way:
> https://www.torproject.org/docs/verifying-signatures.html.en
>
>> Is it tor's asc file problem? Or is it GPA bug so should I report this
>> problem to GPA project? My feeling is like headache.
>
> Without knowing the error message you got from GPA it's impossible
> to tell what's going on and reporting any problem to the GPA project
> is probably premature.
>
> I'm not familiar with GPA but as long as gpg itself confirms that
> the signature is valid and the gpg binary came from a trustworthy
> source, I wouldn't worry about the GPA issue unless the error message
> explicitly tells you that the signature is invalid and not just that
> it can't be verified (for example due to missing the public key).
Error message was bad signature. I guess GPA may be able to only verify when Sign is in signed file.
Thanks your advise
>
> Fabian
> _______________________________________________
> tor-talk mailing list
> tor-talk at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
More information about the tor-talk
mailing list