Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: About *.asc
From: Stijn Hoop (stijnwin.tue.nl)
Date: Fri Mar 21 2003 - 02:20:38 CST
On Fri, Mar 21, 2003 at 03:14:51PM +0700, budsz wrote:
> I was search in web resource about this problem, mailing list etc, today
> I get some advisory from FreeBSD security about trouble, so I try to verify
> the *asc:
> $ gpg --verify xdr-5.patch.asc
> gpg: Signature made Thu Mar 20 08:10:01 2003 WIT using DSA key ID
> gpg: Good signature from "FreeBSD Security Officer <security-officerFreeBSD.org>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg: There is no indication that the signature belongs to the
> Primary key fingerprint: C374 0FC5 69A6 FBB1 4AED B131 15D6 8804 CA6C
> What happen about warning message, Would you give me some clue pls.
You need to tell gpg that you trust the fact that that key is indeed the one
that the people at FreeBSD use to sign the advisory.
In other words, gpg has verified that the digital signature was not tampered
with, but there is no way for gpg to know whether it was really the FreeBSD
security officer key -- anyone can create a key saying that they are the
You can verify that it is the correct key by comparing the fingerprint to a
trusted source of fingerprints. The most secure solution is to go up to the
security officer in person and compare the key fingerprints by hand, but this
is of course not practical. For most purposes it is enough to compare the
fingerprint with the one on the web at
But it's up to you to assign a level of trust in these procedures (how secure
is the FreeBSD web site? etc).
To tell gpg that you trust that this is the key used by the FreeBSD officer:
$ gpg --edit-key security-officerfreebsd.org
enter 'trust' and then e.g. '4'.
If today is the first day of the rest of your life, what the hell was
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)
-----END PGP SIGNATURE-----
To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message