search

aperezdc / signify

OpenBSD tool to sign and verify signatures on files. Portable version.
ISC License
276 stars 16 forks source link

gpg key has been expired #37

Open paileActivist opened 1 year ago

paileActivist commented 1 year ago

signifyportable.pub missing from realease page. i have run:

$ gpg --verify -o signifyportable.pub signifyportable.pub.asc 
gpg: no signed data
gpg: can't hash datafile: No data
paileActivist commented 1 year ago

after importing your key 0x5aa3bc334fd7e3369e7c77b291c559dbe4c9123b

curl -fsSL "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x5aa3bc334fd7e3369e7c77b291c559dbe4c9123b" | gpg --import
gpg: key 91C559DBE4C9123B: 14 signatures not checked due to missing keys
gpg: /home/demo/.gnupg/trustdb.gpg: trustdb created
gpg: key 91C559DBE4C9123B: public key "Adrián Pérez de Castro <aperez@igalia.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg: no ultimately trusted keys found

then, when running :

gpg --verify-files signify-31.tar.xz.asc

give:

gpg: assuming signed data in 'signify-31.tar.xz'
gpg: Signature made 13 مارس, 2022 10:34:02 م CET
gpg:                using DSA key 5AA3BC334FD7E3369E7C77B291C559DBE4C9123B
gpg: Good signature from "Adrián Pérez de Castro <aperez@igalia.com>" [expired]
gpg:                 aka "Adrián Pérez de Castro (personal) <adrian@perezdecastro.org>" [expired]
gpg: Note: This key has expired!
Primary key fingerprint: 5AA3 BC33 4FD7 E336 9E7C  77B2 91C5 59DB E4C9 123B

As you can see, your gpg key has been expired.

paileActivist commented 1 year ago

i have found signifyportable.pub at https://github.com/aperezdc/signify/tree/master/keys But still gpg key has been expired , just for information :smile: 

bash -xc 'curl -fsSLROJ "https://raw.githubusercontent.com/aperezdc/signify/master/keys/signifyportable.pub{,.asc}" \
&& gpg --verify-files signifyportable.pub.asc ; gpg --verify -o signifyportable.pub signifyportable.pub.asc '
+ curl -fsSLROJ 'https://raw.githubusercontent.com/aperezdc/signify/master/keys/signifyportable.pub{,.asc}'
+ gpg --verify-files signifyportable.pub.asc
gpg: assuming signed data in 'signifyportable.pub'
gpg: Signature made 24 سبتمبر, 2020 11:49:04 ص CET
gpg:                using DSA key 5AA3BC334FD7E3369E7C77B291C559DBE4C9123B
gpg: Good signature from "Adrián Pérez de Castro <aperez@igalia.com>" [expired]
gpg:                 aka "Adrián Pérez de Castro (personal) <adrian@perezdecastro.org>" [expired]
gpg: Note: This key has expired!
Primary key fingerprint: 5AA3 BC33 4FD7 E336 9E7C  77B2 91C5 59DB E4C9 123B
+ gpg --verify -o signifyportable.pub signifyportable.pub.asc
gpg: assuming signed data in 'signifyportable.pub'
gpg: Signature made 24 سبتمبر, 2020 11:49:04 ص CET
gpg:                using DSA key 5AA3BC334FD7E3369E7C77B291C559DBE4C9123B
gpg: Good signature from "Adrián Pérez de Castro <aperez@igalia.com>" [expired]
gpg:                 aka "Adrián Pérez de Castro (personal) <adrian@perezdecastro.org>" [expired]
gpg: Note: This key has expired!
Primary key fingerprint: 5AA3 BC33 4FD7 E336 9E7C  77B2 91C5 59DB E4C9 123B
paileActivist commented 1 year ago

I have successfully verified with: signify-openbsd -C -p signifyportable.pub -x SHA256.sig

Signature Verified
signify-31.tar.xz: OK
paileActivist commented 1 year ago

i will leave this issue open for your information about your expired gpg key. feel free to close this issue , if you desire. peace :four_leaf_clover: