Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

where can I find the public key for Gnu Emacs?

Tags:

emacs

gnupg

I have used emacs for only half a year from 23.1 to 23.3.

Every time I tried to find gpg public key for emacs so that I could check tar.gz package with tar.gz.sig released with every new version, I failed.

It seems I should fetch public key first, and I searched the website of emacs, but never found a sign...

I can only find SHA1 checksum in the mailing list http://lists.gnu.org/archive/html/info-gnu-emacs/2011-03/msg00000.html to do the integrity check

How do I do this?

like image 245
sfszh Avatar asked Apr 18 '11 10:04

sfszh


People also ask

What is the GNU Public Key?

GnuPG uses public-key cryptography so that users may communicate securely. In a public-key system, each user has a pair of keys consisting of a private key and a public key. A user's private key is kept secret; it need never be revealed. The public key may be given to anyone with whom the user wants to communicate.


1 Answers

If you try to verify the signature using

gpg --verify <pkg>.key 

you'll get an output like the following:

gpg: Signature made 02/17/05 14:02:42 GTB Standard Time using DSA key ID BE216115 gpg: Can't check signature: No public key 

The key ID you are looking for is BE216115, so you ask gpg to retrieve it using:

gpg --recv-keys BE216115 

Which resulted in the following on my installation:

gpg: requesting key BE216115 from hkp server keys.gnupg.net gpg: key BE216115: public key "Francesco Potortì <[email protected]>" imported gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model gpg: depth: 0  valid:   1  signed:   1  trust: 0-, 0q, 0n, 0m, 0f, 1u gpg: depth: 1  valid:   1  signed:   6  trust: 0-, 0q, 0n, 0m, 1f, 0u gpg: depth: 2  valid:   6  signed:   1  trust: 0-, 0q, 0n, 6m, 0f, 0u gpg: Total number processed: 1 gpg:               imported: 1 

Now, you can verify it. But since you haven't assigned any trust to this key, the output will be:

gpg: Signature made 02/17/05 14:02:42 GTB Standard Time using DSA key ID BE216115 gpg: Good signature from "Francesco Potortì <[email protected]>" gpg:                 aka "Francesco Potortì <[email protected]>" gpg:                 aka "Francesco Potortì <[email protected]>" gpg:                 aka "Francesco Potortì <[email protected]>" gpg: WARNING: This key is not certified with a trusted signature! gpg:          There is no indication that the signature belongs to the owner. Primary key fingerprint: 4B02 6187 5C03 D6B1 2E31  7666 09DF 2DC9 BE21 6115 

So, you will know that the signature is valid, but you are not trusting the public key. You can trust or sign the public key using:

gpg --edit-key BE216115 

In the command prompt type help to see all the available options. For further information, see Using the GNU Privacy Guard

like image 77
vhallac Avatar answered Nov 07 '22 06:11

vhallac