Author Topic: Signature warning  (Read 1285 times)

Offline rokj

  • Jr. Member
  • **
  • Posts: 12
Signature warning
« on: December 28, 2020, 05:55:57 AM »
Hi,

I tried importing, verifying gpg key and got ... is this ok?

gpg --verify roundcubemail-1.4.10-complete.tar.gz.asc roundcubemail-1.4.10-complete.tar.gz
gpg: Signature made ned 27 dec 2020 22:58:11 CET
gpg:                using RSA key 8970E37A698AF775D87D590DC2946A9609CD56B4
gpg:                issuer "devs@roundcube.net"
gpg: Good signature from "Roundcube Developers <devs@roundcube.net>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: F3E4 C04B B3DB 5D42 15C4  5F7F 5AB2 BAA1 41C4 F7D5
     Subkey fingerprint: 8970 E37A 698A F775 D87D  590D C294 6A96 09CD 56B4

Offline JohnDoh

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2,845
Re: Signature warning
« Reply #1 on: December 28, 2020, 07:02:25 AM »
The primary key fingerprint appears correct and the signature has verified so I think it is ok.

You can read more about the trusted signature warning here https://security.stackexchange.com/questions/147447/gpg-why-is-my-trusted-key-not-certified-with-a-trusted-signature
Roundcube Plugins: Contextmenu, SpamAssassin Prefs, and moreā€¦