Discussion:
[rancid] signing key?
Lee
2018-03-22 17:46:09 UTC
Permalink
Hello again and thanks for the answers!
My device happens to be SRX100b and version of the Rancid is 3.3.
I got from “apt-get install rancid cvs”
ftp://ftp.shrubbery.net/pub/ranciD
Which has a detached sig -- thank you!! But what key was used for signing?

Thanks
Lee
heasley
2018-03-22 17:47:00 UTC
Permalink
Post by Lee
Hello again and thanks for the answers!
My device happens to be SRX100b and version of the Rancid is 3.3.
I got from “apt-get install rancid cvs”
ftp://ftp.shrubbery.net/pub/ranciD
Which has a detached sig -- thank you!! But what key was used for signing?
mine
Lee
2018-03-22 18:07:30 UTC
Permalink
Post by Lee
Hello again and thanks for the answers!
My device happens to be SRX100b and version of the Rancid is 3.3.
I got from “apt-get install rancid cvs”
ftp://ftp.shrubbery.net/pub/ranciD
Which has a detached sig -- thank you!! But what key was used for signing?
mine
touché

I don't have your key, so verifying the fingerprint would be nice; a
file I can gpg --import even better

Thanks
Lee
Boheme
2018-03-22 19:30:07 UTC
Permalink
gpg --search-keys ***@shrubbery.net

-Sent from my Pip-Boy 3000
Post by Lee
Post by Lee
Hello again and thanks for the answers!
My device happens to be SRX100b and version of the Rancid is 3.3.
I got from “apt-get install rancid cvs”
ftp://ftp.shrubbery.net/pub/ranciD
Which has a detached sig -- thank you!! But what key was used for signing?
mine
touché
I don't have your key, so verifying the fingerprint would be nice; a
file I can gpg --import even better
Thanks
Lee
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo/rancid-discuss
Lee
2018-03-22 20:13:35 UTC
Permalink
Thanks, but that's not the positive ack I'm looking for.

Maybe he did use a key created in 1996 & maybe that really is his key,
but I'd rather get the fingerprint from him instead of just searching
for a key that works.

$ gpg --verify rancid-3.7.tar.gz.sig rancid-3.7.tar.gz
gpg: Signature made Wed, Mar 7, 2018 7:32:42 PM EST
gpg: using RSA key 0x4B2BDD527A774C09
gpg: Can't check signature: public key not found

$ gpg --search-keys ***@shrubbery.net
gpg: searching for "***@shrubbery.net" from hkps server
hkps.pool.sks-keyservers.net
(1) John Heasley <***@shrubbery.net>
2048 bit RSA key 0xFC860A57C2B34FCB, created: 2015-07-06
(2) John Heasley <***@shrubbery.net>
2048 bit DSA key 0x4472A69EB6650559, created: 2015-04-23
(3) John Heasley <***@shrubbery.net>
1024 bit RSA key 0x0A5CE6407A774C09, created: 2014-06-16 (revoked)
(4) John Heasley <***@shrubbery.net>
1024 bit RSA key 0x4B2BDD527A774C09, created: 1996-12-20
Post by Lee
Post by Lee
Hello again and thanks for the answers!
My device happens to be SRX100b and version of the Rancid is 3.3.
I got from “apt-get install rancid cvs”
ftp://ftp.shrubbery.net/pub/ranciD
Which has a detached sig -- thank you!! But what key was used for signing?
mine
touché
I don't have your key, so verifying the fingerprint would be nice; a
file I can gpg --import even better
Thanks
Lee
heasley
2018-03-24 10:07:52 UTC
Permalink
Post by Lee
Thanks, but that's not the positive ack I'm looking for.
Maybe he did use a key created in 1996 & maybe that really is his key,
but I'd rather get the fingerprint from him instead of just searching
for a key that works.
i hadnt noticed that it was using the old key; the tool behavior changed
and i didnt notice. future sigs will use the more recent key/subkey.
Post by Lee
$ gpg --verify rancid-3.7.tar.gz.sig rancid-3.7.tar.gz
gpg: Signature made Wed, Mar 7, 2018 7:32:42 PM EST
gpg: using RSA key 0x4B2BDD527A774C09
gpg: Can't check signature: public key not found
hkps.pool.sks-keyservers.net
2048 bit RSA key 0xFC860A57C2B34FCB, created: 2015-07-06
2048 bit DSA key 0x4472A69EB6650559, created: 2015-04-23
1024 bit RSA key 0x0A5CE6407A774C09, created: 2014-06-16 (revoked)
1024 bit RSA key 0x4B2BDD527A774C09, created: 1996-12-20
Post by Lee
Post by Lee
Hello again and thanks for the answers!
My device happens to be SRX100b and version of the Rancid is 3.3.
I got from “apt-get install rancid cvs”
ftp://ftp.shrubbery.net/pub/ranciD
Which has a detached sig -- thank you!! But what key was used for signing?
mine
touché
I don't have your key, so verifying the fingerprint would be nice; a
file I can gpg --import even better
Thanks
Lee
Loading...