GPG Key ( nginx_signing.key) file does not contain the key to verify the tar file

Maxim Dounin mdounin at
Wed Apr 19 16:44:35 UTC 2017


On Wed, Apr 19, 2017 at 12:18:07PM -0400, Kumudini Ponnuthurai wrote:

> Not able to verify the latest source of mainline and stable versions of
> NGINX with gpg key ( ). I am using
> Gpg4win Kleopatra. I uploaded this nginx_signing.key file, then changed the
> owner trust under certificates.  Then verified the source (tar file and the
> .asc file) by file -> decrypt/verify. The message was, the key used to sign
> the source is not found in the nginx_signing.key file. 
> Please let me know, how to I verify nginx source with GPG in windows.
> Thanks.
> I also tried to do this by checking for the key in key servers. Not able to
> find the key that is used to sign the source tar file.

There is more than one PGP key used.  Full list of keys is here:

Most of the recent releases are signed by me, key is at  Key fingerprint is:
B0F4 2533 73F8 F6F5 10D4  2178 520A 9993 A1C0 52F8.

Maxim Dounin

More information about the nginx mailing list