Comments (7)
I have been trying to upload my public key to GitHub, but (after a lot of tedious cutting and pasting), it fails with the message "We got an error doing that". The key is, I believe, available on keyserver.ubuntu.com and keys.gnupg.net - at least when I search them for my name it finds something. I will continue to pursue this, but I'm not an expert on GnuPG.
from pcre2.
Yay! I managed to figure out what I was doing wrong. I believe I have now uploaded the key to GitHub.
from pcre2.
Hi Philip,
Thanks for your efforts so far.
I see the key which is great, but I still fail to verify the signature:
I first removed all keys relating to your uid
curl https://github.com/FullName.gpg -o lib/ph.gph
gpg --import lib/ph.gpg
gpg --check-signatures
~/.gnupg/pubring.kbx
pub rsa2048 2002-10-21 [SC]
45F68D54BBE23FB3039B46E59766E084FB0F43D8
uid [ unknown] Full Name [email protected]
sig!3 9766E084FB0F43D8 2021-03-25 Full Name [email protected]
uid [ unknown] Full Name [email protected]
sig!3 9766E084FB0F43D8 2007-05-02 Full Name [email protected]
sig!3 9766E084FB0F43D8 2006-03-14 Full Name [email protected]
uid [ unknown] Full Name [email protected]
sig!3 9766E084FB0F43D8 2002-10-21 Full Name [email protected]
sig!3 9766E084FB0F43D8 2002-10-21 Full Name [email protected]
uid [ unknown] Full Name [email protected]
sig!3 9766E084FB0F43D8 2002-10-23 Full Name [email protected]
sub rsa2048 2002-10-21 [E]
sig! 9766E084FB0F43D8 2002-10-21 Full Name [email protected]
gpg: 20 good signatures
gpg: 719 signatures not checked due to missing keys
$ gpg --verify libs/pcre2-10.39.tar.gz.sig
gpg: assuming signed data in 'libs/pcre2-10.39.tar.gz'
gpg: Signature made Fri 29 Oct 17:07:03 2021 BST
gpg: using RSA key 45F68D54BBE23FB3039B46E59766E084FB0F43D8
gpg: BAD signature from "Full Name [email protected]" [unknown]
I think if you try this on a new system you would be able to reproduce this, and probably that the system used to sign this is using a different private key which doesn't correspond to this one.
from pcre2.
I'm afraid I am a very naive GPG user, having to consult the manual for my every move. I can check the signatures, for example:
$ gpg --verify Releases/pcre2-10.39.zip.sig Releases/pcre2-10.39.zip
gpg: Signature made Fri Oct 29 17:07:03 2021 BST
gpg: using RSA key 45F68D54BBE23FB3039B46E59766E084FB0F43D8
gpg: Good signature from "Philip Hazel [email protected]" [ultimate]
gpg: aka "Philip Hazel [email protected]" [ultimate]
gpg: aka "Philip Hazel [email protected]" [ultimate]
gpg: aka "Philip Hazel [email protected]" [ultimate]
This is, of course, using the keys in my keyring on my desktop computer, not the exported one. (The .tar.gz file verifies the same.) I don't have any other systems I can try this on. I wonder if others are having the same problem? Can anyone else who is reading this give advice?
from pcre2.
I have succeeded in recovering a copy of the file called Public-Key that was on ftp.pcre.org. It is a different, much shorter file than what I get from "gpg export". I don't know how to discover what kind of key it is.
from pcre2.
I did as follows, and it works for me:
# download key
gpg --keyserver keyserver.ubuntu.com --search-keys [email protected]
gpg: data source: http://162.213.33.9:11371
(1) Philip Hazel <[email protected]>
Philip Hazel <[email protected]>
Philip Hazel <[email protected]>
Philip Hazel <[email protected]>
2048 bit RSA key 9766E084FB0F43D8, created: 2002-10-21
Keys 1-1 of 1 for "[email protected]". Enter number(s), N)ext, or Q)uit > 1
gpg: key 9766E084FB0F43D8: 3 duplicate signatures removed
gpg: key 9766E084FB0F43D8: 116 signatures not checked due to missing keys
gpg: key 9766E084FB0F43D8: public key "Philip Hazel <[email protected]>" imported
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: Total number processed: 1
gpg: imported: 1
# verify
gpg --verify pcre2-10.39.zip.sig pcre2-10.39.zip
gpg: Signature made Fri 29 Oct 2021 17:07:03 BST
gpg: using RSA key 45F68D54BBE23FB3039B46E59766E084FB0F43D8
gpg: Good signature from "Philip Hazel <[email protected]>" [unknown]
gpg: aka "Philip Hazel <[email protected]>" [unknown]
gpg: aka "Philip Hazel <[email protected]>" [unknown]
gpg: aka "Philip Hazel <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 45F6 8D54 BBE2 3FB3 039B 46E5 9766 E084 FB0F 43D8
from pcre2.
Downloaded the two files (sig and tar.gz) again, and verifying ok with either the publickey I downloaded yesterday or the ubuntu version. apologies.
C02DC0SHMD6W:web-agents alex.levin$ gpg --import libs/ph.gpg
gpg: key 9766E084FB0F43D8: 65 signatures not checked due to missing keys
gpg: key 9766E084FB0F43D8: public key "Philip Hazel [email protected]" imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2025-03-11
C02DC0SHMD6W:web-agents alex.levin$ gpg --verify ~/Downloads/pcre2-10.39.tar.gz.sig ~/Downloads/pcre2-10.39.tar.gz
gpg: Signature made Fri 29 Oct 17:07:03 2021 BST
gpg: using RSA key 45F68D54BBE23FB3039B46E59766E084FB0F43D8
gpg: Good signature from "Philip Hazel [email protected]" [unknown]
gpg: aka "Philip Hazel [email protected]" [unknown]
gpg: aka "Philip Hazel [email protected]" [unknown]
gpg: aka "Philip Hazel [email protected]" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 45F6 8D54 BBE2 3FB3 039B 46E5 9766 E084 FB0F 43D8
C02DC0SHMD6W:web-agents alex.levin$ gpg --delete-key 45F68D54BBE23FB3039B46E59766E084FB0F43D8
gpg (GnuPG/MacGPG2) 2.2.27; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
pub rsa2048/9766E084FB0F43D8 2002-10-21 Philip Hazel [email protected]
Delete this key from the keyring? (y/N) y
C02DC0SHMD6W:web-agents alex.levin$ gpg --verify libs/pcre2-10.39.tar.gz.sig libs/pcre2-10.39.tar.gz
gpg: can't open signed data 'libs/pcre2-10.39.tar.gz'
gpg: can't hash datafile: No such file or directory
C02DC0SHMD6W:web-agents alex.levin$ gpg --verify ~/Downloads/pcre2-10.39.tar.gz.sig
gpg: assuming signed data in '/Users/alex.levin/Downloads/pcre2-10.39.tar.gz'
gpg: Signature made Fri 29 Oct 17:07:03 2021 BST
gpg: using RSA key 45F68D54BBE23FB3039B46E59766E084FB0F43D8
gpg: key 9766E084FB0F43D8: new key but contains no user ID - skipped
gpg: Total number processed: 1
gpg: w/o user IDs: 1
gpg: Can't check signature: No public key
C02DC0SHMD6W:web-agents alex.levin$ gpg --keyserver keyserver.ubuntu.com --search-keys [email protected]
gpg: data source: http://162.213.33.8:11371
(1) Philip Hazel [email protected]
Philip Hazel [email protected]
Philip Hazel [email protected]
Philip Hazel [email protected]
2048 bit RSA key 9766E084FB0F43D8, created: 2002-10-21
Keys 1-1 of 1 for "[email protected]". Enter number(s), N)ext, or Q)uit > 1
gpg: key 9766E084FB0F43D8: 1 duplicate signature removed
gpg: key 9766E084FB0F43D8: public key "Philip Hazel [email protected]" imported
gpg: Total number processed: 1
gpg: imported: 1
C02DC0SHMD6W:web-agents alex.levin$ gpg --verify ~/Downloads/pcre2-10.39.tar.gz.sig
gpg: assuming signed data in '/Users/alex.levin/Downloads/pcre2-10.39.tar.gz'
gpg: Signature made Fri 29 Oct 17:07:03 2021 BST
gpg: using RSA key 45F68D54BBE23FB3039B46E59766E084FB0F43D8
gpg: Good signature from "Philip Hazel [email protected]" [unknown]
gpg: aka "Philip Hazel [email protected]" [unknown]
gpg: aka "Philip Hazel [email protected]" [unknown]
gpg: aka "Philip Hazel [email protected]" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 45F6 8D54 BBE2 3FB3 039B 46E5 9766 E084 FB0F 43D8
from pcre2.
Related Issues (20)
- MSVC warnings with 10.43 HOT 1
- Allow unlimited subpattern name length HOT 4
- SunOS-5.11-SPARC - "src/pcre2.h", line 949: warning: no explicit type given HOT 5
- pcre2 makes software crash when GDS mitigation is forced for older CPUs HOT 21
- Invalid size 0 may lead to undefined behavior / infinite loop HOT 1
- Atomic group must not increase stack depth HOT 1
- Probable thread-safety issue in pcre2 10.43+ HOT 9
- No load/store-on-condition 2 facility HOT 4
- How can I get PCRE with version under 8.45? HOT 1
- Lift compile time default maximum pattern length HOT 1
- Support W3C xpath spec. weird newline behavior regarding to DOTALL and MULTILINE HOT 6
- Grapheme cluser (`\X`) selector capturing multiple character HOT 2
- Alternative branch should match shared prefix only once HOT 3
- Might be a problem found during the metamorphosis test HOT 4
- Test suite fails when targeting i686 HOT 7
- Signing of git objects HOT 3
- Quantifier `a{,7}` not supported HOT 2
- Coverity defect: Illegal address computation HOT 5
- PCRE2 10.44 Test 8 (Internal offsets and code size) fails on 32-bit platform HOT 1
- Long-term maintenance of PCRE2 HOT 10
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pcre2.