Closed jsdream closed 4 years ago
for some reason that key is not available anymore on the keyserver. i'll try tomorrow to find which key that is linked to and re-upload the pubkey
@wargio Thank you for your quick reply. Looking forward to it.
the issue is that it was missing a 4 at the end, so it wasn't a HEX number. i've updated the wiki.
the key that you have to fetch is 251A28DE2685AED4
so just gpg --recv-key 251A28DE2685AED4 and it should work
Thanks @wargio. Now the key is being fetched, but I'm getting another error when trying to verify:
gpg: Total number processed: 1
gpg: w/o user IDs: 1
gpg: assuming signed data in 'naxsi-0.56.tar.gz'
gpg: Signature made Wed Jun 27 10:38:00 2018 UTC
gpg: using RSA key 5FA35473CA73872AA9731F5C251A28DE2685AED4
gpg: issuer "tko@nbs-system.com"
gpg: Can't check signature: No public key
i think something went wrong when fetching the key or when you trust it.
this is what it should look like:
$ gpg --recv-key 251A28DE2685AED4
gpg: enabled debug flags: memstat
gpg: key 251A28DE2685AED4: public key "Naxsi Project (Key Used To Sign Code) <tko@nbs-system.com>" imported
$ gpg --verify naxsi-0.56.zip.asc
gpg: enabled debug flags: memstat
gpg: assuming signed data in 'naxsi-0.56.zip'
gpg: Signature made Wed 27 Jun 2018 12:38:13 PM CEST
gpg: using RSA key 5FA35473CA73872AA9731F5C251A28DE2685AED4
gpg: issuer "tko@nbs-system.com"
gpg: Good signature from "Naxsi Project (Key Used To Sign Code) <tko@nbs-system.com>" [full]
@wargio The issue was on my end. I'm running this inside a Docker container based on the official Nginx image, and it looks like it was fetching the key from the wrong keyserver. Adding --keyserver keyserver.ubuntu.com fixed the problem.
ok. i'm closing the issue then, since it's solved. :)
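The fix from this thread as a script, an added example that is not part of the original thread or the naxsi project: it pins the full fingerprint shown in the gpg output above, names the keyserver explicitly, and accepts the signature only when gpg's machine-readable status reports VALIDSIG for that fingerprint. The function names and the key ID lengths it accepts (8, 16 or 40 hex digits) are assumptions of this example.

```shell
#!/bin/sh
# Added example; values below are copied from the thread.
KEY_FPR=5FA35473CA73872AA9731F5C251A28DE2685AED4   # "using RSA key ..." line
KEYSERVER=keyserver.ubuntu.com                      # keyserver that worked in the thread

# is_key_id ID: succeed only if ID is 8, 16 or 40 hex digits (optional 0x prefix).
# A 15-digit value such as 251A28DE2685AED is rejected before gpg is called.
is_key_id() {
    id=${1#0x}
    case $id in
        ''|*[!0-9A-Fa-f]*) return 1 ;;
    esac
    case ${#id} in
        8|16|40) return 0 ;;
        *) return 1 ;;
    esac
}

# validsig_fpr: read `gpg --status-fd` output on stdin and print the signing-key
# fingerprint from the VALIDSIG line (prints nothing if no valid signature).
validsig_fpr() {
    awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print $3; exit }'
}

# verify_pinned SIGFILE DATAFILE: fetch the pinned key from the named keyserver,
# then accept only a signature gpg reports as valid for exactly that fingerprint.
verify_pinned() {
    is_key_id "$KEY_FPR" || { echo "bad key id: $KEY_FPR" >&2; return 2; }
    gpg --batch --keyserver "$KEYSERVER" --recv-keys "$KEY_FPR" || return 3
    got=$(gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null | validsig_fpr)
    [ "$got" = "$KEY_FPR" ] || { echo "no valid signature from $KEY_FPR" >&2; return 1; }
}

# Runs only when both files are given, e.g.:
#   sh verify.sh naxsi-0.56.tar.gz.asc naxsi-0.56.tar.gz
if [ $# -eq 2 ]; then verify_pinned "$1" "$2"; fi
```

In a Docker build, a non-zero exit from this script fails the RUN step, so an unverified tarball never reaches the compile stage.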
I'm following the installation guide (https://github.com/nbs-system/naxsi/wiki/naxsi-compile) and am stuck at verifying the signature.
gpg --recv-key 251A28DE2685AED
gives me
gpg: "251A28DE2685AED" not a key ID: skipping
Is the key ID wrong, or is it me doing something wrong?