• \[Solved\] Importing and verifying signing keys


    Recently installed tor and vidalia and Tor Browser package as per Arch Wiki instructions. Also decided to install the signing keys. However, one question to ask is after import of signing keys, I got this in Terminal.

    [[email protected] ~]$ gpg --recv-keys 0x63FEE659  
    gpg: keyring \`/home/frankenstein/.gnupg/secring.gpg' created  
    gpg: requesting key 63FEE659 from hkp server keys.gnupg.net  
    gpg: /home/frankenstein/.gnupg/trustdb.gpg: trustdb created  
    gpg: key 63FEE659: public key "Erinn Clark <[email protected]\>" imported  
    gpg: no ultimately trusted keys found  
    gpg: Total number processed: 1  
    gpg: imported: 1 (RSA: 1)
    

    where it states: “[i:27jhzvwf]gpg: no ultimately trusted keys found[/i:27jhzvwf]” what is this specifically referring to? Is it stating that the keys, which I copy/pasted from the Arch Wiki, which no-doubt it got from the Tor project, are not trusted or verified in some way by makepkg?

    If so, how to correct so as to have it without future or potential considerations in lieu of the aforementioned installed software? [b:27jhzvwf]If[/b:27jhzvwf] that is what the case is?

    Download " antergos-wallpapers-extra " and enjoy community sponsored wallpapers.

    Use the "Linux Beginner Search Engine"

    https://cse.google.com/cse/home?cx=017607476515012185699:b_owgx6xyi0

  • Recently installed tor and vidalia and Tor Browser package as per Arch Wiki instructions. Also decided to install the signing keys. However, one question to ask is after import of signing keys, I got this in Terminal.

    [[email protected]host ~]$ gpg --recv-keys 0x63FEE659  
    gpg: keyring \`/home/frankenstein/.gnupg/secring.gpg' created  
    gpg: requesting key 63FEE659 from hkp server keys.gnupg.net  
    gpg: /home/frankenstein/.gnupg/trustdb.gpg: trustdb created  
    gpg: key 63FEE659: public key "Erinn Clark <[email protected]\>" imported  
    gpg: no ultimately trusted keys found  
    gpg: Total number processed: 1  
    gpg: imported: 1 (RSA: 1)
    

    where it states: “[i:27jhzvwf]gpg: no ultimately trusted keys found[/i:27jhzvwf]” what is this specifically referring to? Is it stating that the keys, which I copy/pasted from the Arch Wiki, which no-doubt it got from the Tor project, are not trusted or verified in some way by makepkg?

    If so, how to correct so as to have it without future or potential considerations in lieu of the aforementioned installed software? [b:27jhzvwf]If[/b:27jhzvwf] that is what the case is?

    Download " antergos-wallpapers-extra " and enjoy community sponsored wallpapers.

    Use the "Linux Beginner Search Engine"

    https://cse.google.com/cse/home?cx=017607476515012185699:b_owgx6xyi0

  • Hi,

    Sorry we missed this post before. Pacman only consider’s keys as trusted if they are a part of your officially installed “keyrings” If you are certain the source is legit you can locally trust the keys and won’t have any problems.

    Cheers!

  • Hi. sorry for the delay in answering this older post of mine. I guess what I did is I re-initated the importing of the signing keys and everything seemed to have gone better the second time around afterwards. So ya…I guess all is well in the land of Antergos
    Actually, I should also state that the keys to be imported were visible in terminal after install of tor-browser-en and I do believe it was those same keys that I did import. In both instances.

    Download " antergos-wallpapers-extra " and enjoy community sponsored wallpapers.

    Use the "Linux Beginner Search Engine"

    https://cse.google.com/cse/home?cx=017607476515012185699:b_owgx6xyi0

Posts 4Views 1050
Log in to reply