Closed commandline-be closed 8 months ago
Agreed, especially these days when most keyservers are unreliable at best. FWIW, I can confirm the above fingerprint matches the one I get; the import command I used:
gpg2 --keyserver keyserver.ubuntu.com --recv-keys 44CB2D868DD16BDA
This and the fingerprint of the key should be published in the docs.
you can also find my fingerprint on my profile page: https://github.com/daringer
Is your feature request related to a problem? Please describe. use of gpg may be evident to many but not to all
here is the return output from validating the key
gpg: assuming signed data in 'sha256sum' gpg: Signature made vr 05 jan 2024 10:27:14 CET gpg: using RSA key C7E32619E2F71736F5910BB144CB2D868DD16BDA gpg: Good signature from "Markus Meissner meissner@nitrokey.com" [unknown] gpg: aka "Markus Meissner coder@safemailbox.de" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: CC74 B712 0BFA A36F F428 6872 4C14 49F1 C980 4176 Subkey fingerprint: C7E3 2619 E2F7 1736 F591 0BB1 44CB 2D86 8DD1 6BDA gpg: no valid OpenPGP data found. gpg: verify files failed: Unknown system error
Describe the solution you'd like a single line on how to import the gpg key to validate the sha256sum.sig against sha256sum
Describe alternatives you've considered
use of the Nitrokey documentation also has no sensible documented command how to import the key for Markus
Additional context
https://docs.nitrokey.com/nitropad/ubuntu/firmware-update