GPG Key ( nginx_signing.key) file does not contain the key to verify the tar file

Kumudini Ponnuthurai nginx-forum at forum.nginx.org
Wed Apr 19 16:18:07 UTC 2017


Not able to verify the latest source of mainline and stable versions of
NGINX with gpg key ( http://nginx.org/keys/nginx_signing.key ). I am using
Gpg4win Kleopatra. I uploaded this nginx_signing.key file, then changed the
owner trust under certificates.  Then verified the source (tar file and the
.asc file) by file -> decrypt/verify. The message was, the key used to sign
the source is not found in the nginx_signing.key file. 

Please let me know, how to I verify nginx source with GPG in windows.
Thanks.

I also tried to do this by checking for the key in key servers. Not able to
find the key that is used to sign the source tar file.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,273729,273729#msg-273729



More information about the nginx mailing list