The new version 2.4.6 cannot be verified, since the fingerprint and the key id is has expired.
Please update wiki and web page with the new key id and fingerprint.
Please update fingerprint and key id
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
- OpenVpn Newbie
- Posts: 2
- Joined: Fri Jul 13, 2018 1:39 pm
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Please update fingerprint and key id
Try this:
Code: Select all
tct@ub16:~/openvpn/windows$ wget https://swupdate.openvpn.net/community/keys/security-key-2018.asc
--2018-07-13 15:41:17-- https://swupdate.openvpn.net/community/keys/security-key-2018.asc
Resolving swupdate.openvpn.net (swupdate.openvpn.net)... 104.20.194.50, 104.20.195.50
Connecting to swupdate.openvpn.net (swupdate.openvpn.net)|104.20.194.50|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 21168 (21K) [text/plain]
Saving to: ‘security-key-2018.asc’
security-key-2018.asc 100%[==================================================================================>] 20.67K --.-KB/s in 0.06s
2018-07-13 15:41:33 (354 KB/s) - ‘security-key-2018.asc’ saved [21168/21168]
tct@ub16:~/openvpn/windows$ wget https://swupdate.openvpn.org/community/releases/openvpn-install-2.4.6-I602.exe
--2018-07-13 15:41:41-- https://swupdate.openvpn.org/community/releases/openvpn-install-2.4.6-I602.exe
Resolving swupdate.openvpn.org (swupdate.openvpn.org)... 104.18.252.114, 104.18.248.114, 104.18.251.114, ...
Connecting to swupdate.openvpn.org (swupdate.openvpn.org)|104.18.252.114|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3861232 (3.7M) [application/x-ms-dos-executable]
Saving to: ‘openvpn-install-2.4.6-I602.exe’
openvpn-install-2.4.6-I602.exe 100%[==================================================================================>] 3.68M 182KB/s in 20s
2018-07-13 15:42:11 (191 KB/s) - ‘openvpn-install-2.4.6-I602.exe’ saved [3861232/3861232]
tct@ub16:~/openvpn/windows$ wget https://swupdate.openvpn.org/community/releases/openvpn-install-2.4.6-I602.exe.asc
--2018-07-13 15:42:17-- https://swupdate.openvpn.org/community/releases/openvpn-install-2.4.6-I602.exe.asc
Resolving swupdate.openvpn.org (swupdate.openvpn.org)... 104.18.252.114, 104.18.248.114, 104.18.251.114, ...
Connecting to swupdate.openvpn.org (swupdate.openvpn.org)|104.18.252.114|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 833 [text/plain]
Saving to: ‘openvpn-install-2.4.6-I602.exe.asc’
openvpn-install-2.4.6-I602.exe.asc 100%[==================================================================================>] 833 --.-KB/s in 0.002s
2018-07-13 15:42:22 (338 KB/s) - ‘openvpn-install-2.4.6-I602.exe.asc’ saved [833/833]
tct@ub16:~/openvpn/windows$ gpg --import security-key-2018.asc
gpg: directory `/home/tct/.gnupg' created
gpg: new configuration file `/home/tct/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/tct/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/tct/.gnupg/secring.gpg' created
gpg: keyring `/home/tct/.gnupg/pubring.gpg' created
gpg: /home/tct/.gnupg/trustdb.gpg: trustdb created
gpg: key 2F2B01E7: public key "OpenVPN - Security Mailing List <security@openvpn.net>" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
gpg: no ultimately trusted keys found
tct@ub16:~/openvpn/windows$ gpg -v --verify openvpn-install-2.4.6-I602.exe.asc openvpn-install-2.4.6-I602.exe
gpg: Signature made Thu 26 Apr 2018 18:10:49 BST using RSA key ID AF131CAE
gpg: NOTE: signature key 8CC2B034 expired Tue 06 Mar 2018 12:17:50 GMT
gpg: using subkey AF131CAE instead of primary key 2F2B01E7
gpg: NOTE: signature key 8CC2B034 expired Tue 06 Mar 2018 12:17:50 GMT
gpg: using PGP trust model
gpg: Good signature from "OpenVPN - Security Mailing List <security@openvpn.net>"
gpg: NOTE: signature key 8CC2B034 expired Tue 06 Mar 2018 12:17:50 GMT
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: F554 A368 7412 CFFE BDEF E0A3 12F5 F7B4 2F2B 01E7
Subkey fingerprint: D518 B9BD 643C F94D A5ED 9970 F132 B1CB AF13 1CAE
gpg: binary signature, digest algorithm SHA256
tct@ub16:~/openvpn/windows$ gpg --version
gpg (GnuPG) 1.4.20
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cypher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
Last edited by TinCanTech on Fri Jul 13, 2018 8:32 pm, edited 1 time in total.
-
- OpenVpn Newbie
- Posts: 2
- Joined: Fri Jul 13, 2018 1:39 pm
Re: Please update fingerprint and key id
Thanks. I did these steps. As you see in your output above the "signature key 8CC2B034 expired" and it's now "using subkey AF131CAE instead" and "There is no indication that the signature belongs to the owner". The subkey fingerprint and key id are not published on the wiki and web page. How then to verify?
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Please update fingerprint and key id
It is important that you understand how gpg works.
Use your favourite search engine to query the term "gpg web of trust"
Use your favourite search engine to query the term "gpg web of trust"