This forum is for all inquiries relating to the installation of OpenVPN from source and with binaries.
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
bjoernv
- OpenVpn Newbie
- Posts: 8
- Joined: Fri Apr 07, 2017 7:55 pm
Post
by bjoernv » Wed Jun 01, 2022 7:39 am
OpenVPN 2.5.7 seems to be signed with a new GnuPG key 5661FF69D65415584B720FC08B7417B3EBB3B309.
The keyring from
https://openvpn.net/community-resources/sig/ does not contain this key.
Code: Select all
wget -O security-openvpn-net.asc https://keys.openpgp.org/vks/v1/by-fingerprint/F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7
gpg --import security-openvpn-net.asc
wget https://swupdate.openvpn.org/community/releases/openvpn-2.5.7.tar.gz https://swupdate.openvpn.org/community/releases/openvpn-2.5.7.tar.gz.asc
gpg --verify openvpn-2.5.7.tar.gz.asc
gpg: assuming signed data in 'openvpn-2.5.7.tar.gz'
gpg: Signature made Di 24 Mai 2022 10:57:09 CEST
gpg: using RSA key 5661FF69D65415584B720FC08B7417B3EBB3B309
gpg: Can't check signature: No public key
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Post
by TinCanTech » Wed Jun 01, 2022 11:57 am
Please see:
https://openvpn.net/community-resources/sig/
Code: Select all
$ gpg --verify openvpn-2.5.7.tar.gz.asc openvpn-2.5.7.tar.gz
gpg: Signature made Tue 24 May 2022 09:57:09 BST
gpg: using RSA key 5661FF69D65415584B720FC08B7417B3EBB3B309
gpg: Good signature from "OpenVPN - Security Mailing List <security@openvpn.net>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: F554 A368 7412 CFFE BDEF E0A3 12F5 F7B4 2F2B 01E7
Subkey fingerprint: 5661 FF69 D654 1558 4B72 0FC0 8B74 17B3 EBB3 B309
Added new help link here:
https://community.openvpn.net/openvpn#GettingOpenVPN