Please update fingerprint and key id

All comments and questions related to the functionality of the OpenVPN web pages and forum should go here.
Post Reply
kroll
OpenVpn Newbie
Posts: 2
Joined: Fri Jul 13, 2018 1:39 pm

Please update fingerprint and key id

Post by kroll » Fri Jul 13, 2018 1:55 pm

The new version 2.4.6 cannot be verified, since the fingerprint and the key id is has expired.
Please update wiki and web page with the new key id and fingerprint.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 4421
Joined: Fri Jun 03, 2016 1:17 pm

Re: Please update fingerprint and key id

Post by TinCanTech » Fri Jul 13, 2018 2:46 pm

Try this:

Code: Select all

tct@ub16:~/openvpn/windows$ wget https://swupdate.openvpn.net/community/keys/security-key-2018.asc
--2018-07-13 15:41:17--  https://swupdate.openvpn.net/community/keys/security-key-2018.asc
Resolving swupdate.openvpn.net (swupdate.openvpn.net)... 104.20.194.50, 104.20.195.50
Connecting to swupdate.openvpn.net (swupdate.openvpn.net)|104.20.194.50|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 21168 (21K) [text/plain]
Saving to: ‘security-key-2018.asc’

security-key-2018.asc                     100%[==================================================================================>]  20.67K  --.-KB/s    in 0.06s   

2018-07-13 15:41:33 (354 KB/s) - ‘security-key-2018.asc’ saved [21168/21168]

tct@ub16:~/openvpn/windows$ wget https://swupdate.openvpn.org/community/releases/openvpn-install-2.4.6-I602.exe
--2018-07-13 15:41:41--  https://swupdate.openvpn.org/community/releases/openvpn-install-2.4.6-I602.exe
Resolving swupdate.openvpn.org (swupdate.openvpn.org)... 104.18.252.114, 104.18.248.114, 104.18.251.114, ...
Connecting to swupdate.openvpn.org (swupdate.openvpn.org)|104.18.252.114|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3861232 (3.7M) [application/x-ms-dos-executable]
Saving to: ‘openvpn-install-2.4.6-I602.exe’

openvpn-install-2.4.6-I602.exe            100%[==================================================================================>]   3.68M   182KB/s    in 20s     

2018-07-13 15:42:11 (191 KB/s) - ‘openvpn-install-2.4.6-I602.exe’ saved [3861232/3861232]

tct@ub16:~/openvpn/windows$ wget https://swupdate.openvpn.org/community/releases/openvpn-install-2.4.6-I602.exe.asc
--2018-07-13 15:42:17--  https://swupdate.openvpn.org/community/releases/openvpn-install-2.4.6-I602.exe.asc
Resolving swupdate.openvpn.org (swupdate.openvpn.org)... 104.18.252.114, 104.18.248.114, 104.18.251.114, ...
Connecting to swupdate.openvpn.org (swupdate.openvpn.org)|104.18.252.114|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 833 [text/plain]
Saving to: ‘openvpn-install-2.4.6-I602.exe.asc’

openvpn-install-2.4.6-I602.exe.asc        100%[==================================================================================>]     833  --.-KB/s    in 0.002s  

2018-07-13 15:42:22 (338 KB/s) - ‘openvpn-install-2.4.6-I602.exe.asc’ saved [833/833]

tct@ub16:~/openvpn/windows$ gpg --import security-key-2018.asc
gpg: directory `/home/tct/.gnupg' created
gpg: new configuration file `/home/tct/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/tct/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/tct/.gnupg/secring.gpg' created
gpg: keyring `/home/tct/.gnupg/pubring.gpg' created
gpg: /home/tct/.gnupg/trustdb.gpg: trustdb created
gpg: key 2F2B01E7: public key "OpenVPN - Security Mailing List <security@openvpn.net>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
gpg: no ultimately trusted keys found

tct@ub16:~/openvpn/windows$ gpg -v --verify openvpn-install-2.4.6-I602.exe.asc openvpn-install-2.4.6-I602.exe
gpg: Signature made Thu 26 Apr 2018 18:10:49 BST using RSA key ID AF131CAE
gpg: NOTE: signature key 8CC2B034 expired Tue 06 Mar 2018 12:17:50 GMT
gpg: using subkey AF131CAE instead of primary key 2F2B01E7
gpg: NOTE: signature key 8CC2B034 expired Tue 06 Mar 2018 12:17:50 GMT
gpg: using PGP trust model
gpg: Good signature from "OpenVPN - Security Mailing List <security@openvpn.net>"
gpg: NOTE: signature key 8CC2B034 expired Tue 06 Mar 2018 12:17:50 GMT
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: F554 A368 7412 CFFE BDEF  E0A3 12F5 F7B4 2F2B 01E7
     Subkey fingerprint: D518 B9BD 643C F94D A5ED  9970 F132 B1CB AF13 1CAE
gpg: binary signature, digest algorithm SHA256

tct@ub16:~/openvpn/windows$ gpg --version
gpg (GnuPG) 1.4.20
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cypher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
Last edited by TinCanTech on Fri Jul 13, 2018 8:32 pm, edited 1 time in total.

kroll
OpenVpn Newbie
Posts: 2
Joined: Fri Jul 13, 2018 1:39 pm

Re: Please update fingerprint and key id

Post by kroll » Fri Jul 13, 2018 3:45 pm

Thanks. I did these steps. As you see in your output above the "signature key 8CC2B034 expired" and it's now "using subkey AF131CAE instead" and "There is no indication that the signature belongs to the owner". The subkey fingerprint and key id are not published on the wiki and web page. How then to verify?

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 4421
Joined: Fri Jun 03, 2016 1:17 pm

Re: Please update fingerprint and key id

Post by TinCanTech » Fri Jul 13, 2018 8:44 pm

It is important that you understand how gpg works.

Use your favourite search engine to query the term "gpg web of trust"

Post Reply