Re: Openssh 3.9p1

From: Greg Norris (haphazard_at_kc.rr.com)
Date: 08/21/04

  • Next message: k l: "starting remote server(s) with ssh"
    Date: Sat, 21 Aug 2004 08:50:54 -0500
    To: Troy.Wilson@chi.frb.org
    
    

    That's actually a successful verification, as indicated by the "Good
    signature from" line. The problem is in the web-of-trust... Damien's
    key isn't signed by any trusted keys present in your keyring. What I
    normally do in this situation, assuming I'm confident of the key's
    legitimacy, is to add a non-exportable signature.

       gpg --lsign-key 86FF9C48

    On Fri, Aug 20, 2004 at 11:47:48AM -0500, Troy.Wilson@chi.frb.org wrote:
    > Has anyone else warning for signature verification. I might be doing
    > something wrong, but it seems like the archive was not signed using the
    > public key. Here what I did:
    > I download the file DJM-GPG-KEY.asc and did a gpg --import to import the
    > public key.
    > I then did a gpg --verify openssh-3.9p1.tar.gz.sig openssh-3.9p1.tar.gz
    > I get the following output:
    >
    > # gpg --verify openssh-3.9p1.tar.gz.sig openssh-3.9p1.tar.gz
    > gpg: Signature made Tue Aug 17 07:55:13 2004 CDT using DSA key ID 86FF9C48
    > gpg: Good signature from "Damien Miller (Personal Key) <djm@mindrot.org>"
    > gpg: WARNING: This key is not certified with a trusted signature!
    > gpg: There is no indication that the signature belongs to the
    > owner.
    > Primary key fingerprint: 3981 992A 1523 ABA0 79DB FC66 CE8E CB03 86FF
    > 9C48
    >
    >
    >
    >
    > Troy Wilson
    > Technology Group
    > Systems Administrator
    > 312-322-5606


  • Next message: k l: "starting remote server(s) with ssh"

    Relevant Pages

    • Re: Soft signatures
      ... now, digital signature, typically just represents that you (in ... For some time there were arguments that if a certificate contained the ... certificate with your public key and the non-repudiation flag in it. ... for a number of different business purposes. ...
      (sci.crypt)
    • Re: Design choice in LTC
      ... The bytes cannot be a valid signature for any public key. ... -- Failure type 1 is obtained when the signature is too small to harbour ...
      (sci.crypt)
    • Re: PGPsigs: the Choice of Con Artists
      ... They can insist whatever they want to insist but if I trust none of them ... You seem to have two problems: one is that you don't like the PGP signature ... signature or break public key encryption. ...
      (comp.os.linux.misc)
    • [PATCH 5/6] MODSIGN: Module signature checker and key manager
      ... given a signature and crypto_hash of the data that was signed. ... new file mode 100644 ... * GNU General Public License for more details. ... * handle a public key element parsed from the keyring blob ...
      (Linux-Kernel)
    • Re: Are ++ and -- operators really more efficient
      ... and encode that with a private key. ... crc, runs a crc generator on the content, and compares. ... While the signature itself will be fairly small, public key certificates are not. ...
      (comp.lang.c)