New software signature key (GPG)

What lately lead to some confusion on the side of Linux users:

We changed the software signing GPG key, but this was news not updated on the Debian repository instruction page. So some users got  an error while verifying the GPG signature, while we on our side could not see any problem. This is fixed now, please follow these instructions to get and use the new verification key:

For Debian:

The change of the key was necessary in order to separate it from the general e-mail and support key, so that developers and the support team do not need to share the same key. Moreover, the key has a greater cryptographic strength now.


    No Trackbacks


Display comments as (Linear | Threaded)

  1. tisch says:

    Not working on Ubuntu 12.04. Any idea? gpg --recv 0x2146D0CD2B3CAA3E gpg: requesting key 2B3CAA3E from hkp server gpg: key 2B3CAA3E: "JonDos GmbH (Software Signing Key) " not changed gpg: Total number processed: 1 gpg: unchanged: 1 gpg --fingerprint 0x2146D0CD2B3CAA3E pub 4096R/2B3CAA3E 2014-10-20 [expires: 2024-10-17] Key fingerprint = 6899 5C53 D2CE E11B 0E41 82F6 2146 D0CD 2B3C AA3E uid JonDos GmbH (Software Signing Key) sub 4096R/F9115DBF 2014-10-20 [expires: 2024-10-17] gpg --verify Software_JonDos_GmbH.asc gpg: verify signatures failed: unexpected data

  2. JonDos says:

    Hi, yes, this is not the right way to do. You are trying to verify the key with itself, that will not work. Use the --verify command not on the key, but instead on data that was signed with the key. E.g. one of our download packages.

  3. tisch says:

    I understand, thank you.

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.
E-Mail addresses will not be displayed and will only be used for E-Mail notifications.
Submitted comments will be subject to moderation before being displayed.