Yubico / yubihsm-connector

https://developers.yubico.com/yubihsm-connector/
Apache License 2.0

Release signed using unknown key #15

Closed Jakuje closed 4 years ago

Jakuje commented 4 years ago

The last release 2.2.2 [1] is signed using a key unknown to [2]. Trying to verify the source does not give any more hints about where I should look for the appropriate public key or who is the one who signed the tarball:

gpg: Signature made Mon 17 Feb 2020 01:19:41 PM CET
gpg:                using RSA key E08BDEC634FEB60BBEC8C33F7360A84DD7CE1455

[1] https://developers.yubico.com/yubihsm-connector/Releases/
[2] https://developers.yubico.com/Software_Projects/Software_Signing.html

syntaxcase commented 4 years ago

Hi, you can find the list of keys we use to sign our releases here: https://developers.yubico.com/Software_Projects/Software_Signing.html

The yubihsm-connector 2.2.0 release was signed with Alessandro Carlo Chirico <alessandro.chirico@yubico.com> 355C 8C01 86CC 96CB A49F 9CD8 DAA1 7C29 5391 4D9D. You can retrieve the public key at https://keys.openpgp.org/search?q=355c8c0186cc96cba49f9cd8daa17c2953914d9d

Jakuje commented 4 years ago

OK. Looks good now. I think I do not have the keyserver keys.openpgp.org set up, so it was failing for me to figure out the name. Now it works fine. Thanks.
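
Added example, not part of the thread and not Yubico's tooling: gpg's human-readable output names the key that made the signature, which for a subkey signature differs from the primary fingerprint a project publishes, so a scripted check is better done on the machine-readable `gpg --status-fd 1 --verify` output, whose `VALIDSIG` line carries both. The pinned fingerprint is the one quoted in the reply above; the status lines, placeholder fingerprints and the function name `check_release` are constructed for illustration.

```python
# Primary-key fingerprint quoted in the reply above, spaces removed.
PINNED = {"355C8C0186CC96CBA49F9CD8DAA17C2953914D9D"}

SUBKEY = "A" * 40  # constructed placeholder fingerprint, not a real key
OTHER = "B" * 40   # constructed placeholder fingerprint, not a real key


def _sample(signing, primary):
    # Constructed status output in the format gpg writes with --status-fd.
    return (
        "[GNUPG:] NEWSIG\n"
        f"[GNUPG:] GOODSIG {signing[-16:]} Example Signer <signer@example.invalid>\n"
        f"[GNUPG:] VALIDSIG {signing} 2020-02-17 1581941981 0 4 0 1 8 00 {primary}\n"
    )


SIGNED_BY_SUBKEY = _sample(SUBKEY, next(iter(PINNED)))
SIGNED_BY_OTHER = _sample(OTHER, OTHER)
# What gpg reports when the signer's public key is not in the keyring.
KEY_NOT_IN_KEYRING = (
    "[GNUPG:] ERRSIG BBBBBBBBBBBBBBBB 1 8 00 1581941981 9\n"
    "[GNUPG:] NO_PUBKEY BBBBBBBBBBBBBBBB\n"
)


def check_release(status_text, pinned=PINNED):
    """Classify gpg status output against a set of pinned primary fingerprints."""
    good = False
    fprs = None
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] != "[GNUPG:]":
            continue
        if parts[1] == "GOODSIG":
            # Expired or revoked keys are reported as EXPKEYSIG / REVKEYSIG
            # instead, so requiring GOODSIG rejects them.
            good = True
        elif parts[1] == "VALIDSIG" and len(parts) >= 3:
            signing = parts[2].upper()
            # The tenth VALIDSIG argument is the primary key fingerprint;
            # fall back to the signing key if gpg did not print it.
            primary = parts[11].upper() if len(parts) >= 12 else signing
            fprs = (signing, primary)
    if not good or fprs is None:
        return "no-valid-signature"
    return "trusted" if fprs[1] in pinned else "unpinned-key"
```

Comparing the full 40-character primary fingerprint, rather than the signer name or a short key ID, is what ties the check to the published key list.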