Roundcube Community Forum

News and Announcements => General Discussion => Topic started by: rokj on December 28, 2020, 05:55:57 AM

Title: Signature warning
Post by: rokj on December 28, 2020, 05:55:57 AM

Hi,

I tried importing, verifying gpg key and got ... is this ok?

gpg --verify roundcubemail-1.4.10-complete.tar.gz.asc roundcubemail-1.4.10-complete.tar.gz
gpg: Signature made ned 27 dec 2020 22:58:11 CET
gpg:                using RSA key 8970E37A698AF775D87D590DC2946A9609CD56B4
gpg:                issuer "devs@roundcube.net"
gpg: Good signature from "Roundcube Developers <devs@roundcube.net>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: F3E4 C04B B3DB 5D42 15C4  5F7F 5AB2 BAA1 41C4 F7D5
     Subkey fingerprint: 8970 E37A 698A F775 D87D  590D C294 6A96 09CD 56B4

Title: Re: Signature warning
Post by: JohnDoh on December 28, 2020, 07:02:25 AM

The primary key fingerprint appears correct and the signature has verified so I think it is ok.

You can read more about the trusted signature warning here https://security.stackexchange.com/questions/147447/gpg-why-is-my-trusted-key-not-certified-with-a-trusted-signature