[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] SUSE Security Announcement: gpg signature checking problems (SUSE-SA:2006:014)

Scott Leighton wrote:
> ....
>>I went there, downloaded
>><http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x3D25D3D9> to (say
>>for brevity) file.pubkey, and then ran
>>gpg --import file.pubkey
>>This returned with:
>>gpg: no valid OpenPGP data found.
>>gpg: Total number processed: 0
>>Actually, I did all this twice, including downloading, with the same
>>result each time.  Using gpg2 yeilded the same.  What's the deal?
>   How are you 'downloading it'? I copied then pasted to kate and
> saved it as test.key

Using Firefox, brought up the page mentioned above, clicked on File >
Save Page As, gave a directory and filename, and clicked OK.  Nothing at
all mysterious or unusual.  After the first download I used vi to trim
off the couple html lines above and below the key delimiters (even
though I was almost sure it didn't matter-- gpg would find the
delimiters).  For the second download (after the first file wouldn't
import) I left the little bit of html code in the file and got the same

After the second failure I did a diff on the two files and the only
difference was that aforementioned html code.

Did you download the key from the page cited above?  Or somewhere else?

> gpg --import test.key
> gpg: key 3D25D3D9: duplicated user ID detected - merged
> gpg: key 3D25D3D9: "SuSE Security Team <security@xxxxxxx>" 49 new signatures
>      Scott

"This world ain't big enough for the both of us,"
said the big noema to the little noema.

Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here