GPG Key ( nginx_signing.key) file does not contain the key to verify the tar file
Maxim Dounin
mdounin at mdounin.ru
Wed Apr 19 16:44:35 UTC 2017
Hello!
On Wed, Apr 19, 2017 at 12:18:07PM -0400, Kumudini Ponnuthurai wrote:
> Not able to verify the latest source of mainline and stable versions of
> NGINX with gpg key ( http://nginx.org/keys/nginx_signing.key ). I am using
> Gpg4win Kleopatra. I uploaded this nginx_signing.key file, then changed the
> owner trust under certificates. Then verified the source (tar file and the
> .asc file) by file -> decrypt/verify. The message was, the key used to sign
> the source is not found in the nginx_signing.key file.
>
> Please let me know, how to I verify nginx source with GPG in windows.
> Thanks.
>
> I also tried to do this by checking for the key in key servers. Not able to
> find the key that is used to sign the source tar file.
There is more than one PGP key used. Full list of keys is here:
http://nginx.org/en/pgp_keys.html
Most of the recent releases are signed by me, key is at
http://nginx.org/keys/mdounin.key. Key fingerprint is:
B0F4 2533 73F8 F6F5 10D4 2178 520A 9993 A1C0 52F8.
--
Maxim Dounin
http://nginx.org/
More information about the nginx
mailing list