New software signature key (GPG)

What lately lead to some confusion on the side of Linux users:

We changed the software signing GPG key, but this was news not updated on the Debian repository instruction page. So some users got  an error while verifying the GPG signature, while we on our side could not see any problem. This is fixed now, please follow these instructions to get and use the new verification key:

https://anonymous-proxy-servers.net/en/help/install_pgp_signaturen.html

For Debian: 
https://anonymous-proxy-servers.net/en/help/firststeps2.html

The change of the key was necessary in order to separate it from the general e-mail and support key, so that developers and the support team do not need to share the same key. Moreover, the key has a greater cryptographic strength now.

This entry was posted by JonDos on Monday, January 25. 2016 at 16:31. and is filed under JonDonym News. You can leave a response, or trackback from your own blog. All new comments are subject to moderation before being displayed.

Trackbacks

Trackback specific URI for this entry

    No Trackbacks

Comments

Display comments as (Linear | Threaded)

  1. tisch says:
    #1 2016-01-27 12:51 (Reply)

    Not working on Ubuntu 12.04. Any idea? gpg --recv 0x2146D0CD2B3CAA3E gpg: requesting key 2B3CAA3E from hkp server keys.gnupg.net gpg: key 2B3CAA3E: "JonDos GmbH (Software Signing Key) " not changed gpg: Total number processed: 1 gpg: unchanged: 1 gpg --fingerprint 0x2146D0CD2B3CAA3E pub 4096R/2B3CAA3E 2014-10-20 [expires: 2024-10-17] Key fingerprint = 6899 5C53 D2CE E11B 0E41 82F6 2146 D0CD 2B3C AA3E uid JonDos GmbH (Software Signing Key) sub 4096R/F9115DBF 2014-10-20 [expires: 2024-10-17] gpg --verify Software_JonDos_GmbH.asc gpg: verify signatures failed: unexpected data

  2. JonDos says:
    #1.1 2016-01-27 13:35 (Reply)

    Hi, yes, this is not the right way to do. You are trying to verify the key with itself, that will not work. Use the --verify command not on the key, but instead on data that was signed with the key. E.g. one of our download packages.

  3. tisch says:
    #1.1.1 2016-01-27 13:46 (Reply)

    I understand, thank you.


Add Comment


Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.
E-Mail addresses will not be displayed and will only be used for E-Mail notifications.
 
Submitted comments will be subject to moderation before being displayed.