[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] SUSE Security Announcement: gpg signature checking problems (SUSE-SA:2006:014)

> ....
>       gpg: Signature made <DATE> using RSA key ID 3D25D3D9
>       gpg: Good signature from "SuSE Security Team <security@xxxxxxx>"
>     where <DATE> is replaced by the date the document was signed.
>     If the security team's key is not contained in your key ring, you can
>     import it from the first installation CD. To import the key, use the
>     command
>       gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
>   ....

Is the SuSE security team's public key broken on <http://pgp.mit.edu>?

I went there, downloaded
<http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x3D25D3D9> to (say
for brevity) file.pubkey, and then ran

gpg --import file.pubkey

This returned with:

gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

Actually, I did all this twice, including downloading, with the same
result each time.  Using gpg2 yeilded the same.  What's the deal?

"This world ain't big enough for the both of us,"
said the big noema to the little noema.

Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here