This is the mail archive of the
mailing list for the Cygwin project.
gpg ca-cert-file=[which file???]
- From: Lee <ler762 at gmail dot com>
- To: cygwin at cygwin dot com
- Date: Sat, 15 Jul 2017 14:40:33 -0400
- Subject: gpg ca-cert-file=[which file???]
- Authentication-results: sourceware.org; auth=none
It seems a bit silly to be downloading pgp keys 'in the clear', so
after a bit of searching I think I want
in my ~/.gnupg/gpg.conf so I can do auto-key-retrieve securely ... or
at least over an encrypted channel. But what file should I be using
as the ca-cert file?
What I ended up doing is
$ cd /etc
$ find . -name \*pem
and trying each file until I finally got one that worked:
$ grep "^keyserver" ~/.gnupg/gpg.conf
$ gpg --auto-key-locate keyserver --keyserver-options
auto-key-retrieve --verify BIND9.9.10-P1.x64.zip.asc
gpg: assuming signed data in `BIND9.9.10-P1.x64.zip'
gpg: Signature made Mon, Jun 5, 2017 2:31:57 PM EDT
gpg: using RSA key 0xF1B11BF05CF02E57
gpg: requesting key 0xF1B11BF05CF02E57 from hkps server pgp.mit.edu
gpg: key 0xF1B11BF05CF02E57: public key "Internet Systems Consortium,
Inc. (Signing key, 2017-2018) <email@example.com>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
gpg: Good signature from "Internet Systems Consortium, Inc. (Signing
key, 2017-2018) <firstname.lastname@example.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: BE0E 9748 B718 253A 28BB 89FF F1B1 1BF0 5CF0 2E57
Is there a better/more-correct file to use for the ca-cert-file= parameter?
How hard would it be to add hkps:// usage examples to the default gpg.conf file?
Problem reports: http://cygwin.com/problems.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple