Mailinglist Archive: opensuse-security (109 mails)

< Previous Next >
Re: [suse-security] SUSE Security Announcement: gpg signature checking problems (SUSE-SA:2006:014)
  • From: ken <gebser@xxxxxxxxxxxxx>
  • Date: Sun, 12 Mar 2006 11:28:36 -0500
  • Message-id: <44144C34.8030705@xxxxxxxxxxxxx>


Scott Leighton wrote:
> ....
>>I went there, downloaded
>><http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x3D25D3D9> to (say
>>for brevity) file.pubkey, and then ran
>>
>>gpg --import file.pubkey
>>
>>This returned with:
>>
>>gpg: no valid OpenPGP data found.
>>gpg: Total number processed: 0
>>
>>Actually, I did all this twice, including downloading, with the same
>>result each time. Using gpg2 yeilded the same. What's the deal?
>>
>
> How are you 'downloading it'? I copied then pasted to kate and
> saved it as test.key

Using Firefox, brought up the page mentioned above, clicked on File >
Save Page As, gave a directory and filename, and clicked OK. Nothing at
all mysterious or unusual. After the first download I used vi to trim
off the couple html lines above and below the key delimiters (even
though I was almost sure it didn't matter-- gpg would find the
delimiters). For the second download (after the first file wouldn't
import) I left the little bit of html code in the file and got the same
result.

After the second failure I did a diff on the two files and the only
difference was that aforementioned html code.

Did you download the key from the page cited above? Or somewhere else?


>
> gpg --import test.key
> gpg: key 3D25D3D9: duplicated user ID detected - merged
> gpg: key 3D25D3D9: "SuSE Security Team <security@xxxxxxx>" 49 new signatures
>
>
> Scott
>
>
>

--
"This world ain't big enough for the both of us,"
said the big noema to the little noema.


< Previous Next >
Follow Ups