Closed Jakuje closed 4 years ago
Hi, you can find the list of keys we use to sign our releases here: https://developers.yubico.com/Software_Projects/Software_Signing.html
The yubihsm-connector 2.2.0 release was signed with Alessandro Carlo Chirico <alessandro.chirico@yubico.com> 355C 8C01 86CC 96CB A49F 9CD8 DAA1 7C29 5391 4D9D
. You can retrieve the public key at https://keys.openpgp.org/search?q=355c8c0186cc96cba49f9cd8daa17c2953914d9d
ok. Looks good now. I think I do not have the keyserver keys.openpgp.org
set up so it was failing for me to figure out the name. Now it works fine. Thanks.
The last release 2.2.2 [1] is signed using key unknown to [2]. Trying to verify the source does not give any more hints where should I look for the appropriate public key or who is the one who signed the tarball:
[1] https://developers.yubico.com/yubihsm-connector/Releases/ [2] https://developers.yubico.com/Software_Projects/Software_Signing.html