You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Gary Barber <ga...@pdisrd.com> on 2003/06/25 15:25:27 UTC

[users@httpd] Checking file signatures

Please help!

I am trying to upgrade my HTTP server to version httpd-2.0.46.

I downloaded the httpd-2.0.46.tar.gz file from the website and got the
httpd-2.0.46.tar.gz.asc.

When checking the validity of the file I issued commands and got the
following feedback.

gpg httpd-2.0.46.tar.gz.asc
gpg: Signature made Wed 28 May 2003 12:11:48 AM CDT using DSA key ID
E2226795
gpg: Can't check signature: public key not found


gpg --keyserver pgpkeys.mit.edu --recv-key E2226795
gpg: requesting key E2226795 from HKP keyserver pgpkeys.mit.edu
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key E2226795: public key imported
gpg: Total number processed: 1
gpg:               imported: 1


gpg httpd-2.0.46.tar.gz.asc
gpg: Signature made Wed 28 May 2003 12:11:48 AM CDT using DSA key ID
E2226795
gpg: BAD signature from "Justin R. Erenkrantz <ju...@erenkrantz.com>"


Am I doing something wrong or did I truly get a bad signature?

How can I get a good signature?

Thanks in advance.

- Gary

RE: [users@httpd] Checking file signatures

Posted by Gary Barber <ga...@pdisrd.com>.

Thank you for your help.

Gary Barber

2741 PDI Place
Ankeny, IA 50021
(515)965-6345

-----Original Message-----
From: Max Dittrich [mailto:Max.Dittrich@t-online.de]
Sent: Wednesday, June 25, 2003 11:53 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Checking file signatures

Gary Barber wrote:
> Please help!
>
> I am trying to upgrade my HTTP server to version httpd-2.0.46.
>
> I downloaded the httpd-2.0.46.tar.gz file from the website and got the
> httpd-2.0.46.tar.gz.asc.
>
> When checking the validity of the file I issued commands and got the
> following feedback.
>

[...]

>
> gpg httpd-2.0.46.tar.gz.asc
> gpg: Signature made Wed 28 May 2003 12:11:48 AM CDT using DSA key ID
> E2226795
> gpg: BAD signature from "Justin R. Erenkrantz <ju...@erenkrantz.com>"
>
>
> Am I doing something wrong or did I truly get a bad signature?
>
> How can I get a good signature?

I had no problems verifying "httpd-2.0.46.tar.gz.asc" using the keys
from http://www.apache.org/dist/httpd/KEYS or using the one retrieved
from pgpkeys.mit.edu.

You can check the integrity of your tarball by generating a MD5-checksum
. The result should be:

     ff682f82f0808eb01df60824d959ebe8  httpd-2.0.46.tar.gz

.max


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Checking file signatures

Posted by Max Dittrich <Ma...@t-online.de>.

Gary Barber wrote:
> Please help!
> 
> I am trying to upgrade my HTTP server to version httpd-2.0.46.
> 
> I downloaded the httpd-2.0.46.tar.gz file from the website and got the
> httpd-2.0.46.tar.gz.asc.
> 
> When checking the validity of the file I issued commands and got the
> following feedback.
> 

[...]

> 
> gpg httpd-2.0.46.tar.gz.asc
> gpg: Signature made Wed 28 May 2003 12:11:48 AM CDT using DSA key ID
> E2226795
> gpg: BAD signature from "Justin R. Erenkrantz <ju...@erenkrantz.com>"
> 
> 
> Am I doing something wrong or did I truly get a bad signature?
> 
> How can I get a good signature?

I had no problems verifying "httpd-2.0.46.tar.gz.asc" using the keys 
from http://www.apache.org/dist/httpd/KEYS or using the one retrieved 
from pgpkeys.mit.edu.

You can check the integrity of your tarball by generating a MD5-checksum 
. The result should be:

     ff682f82f0808eb01df60824d959ebe8  httpd-2.0.46.tar.gz

.max


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org