Request for better instructions on verifying IDEA source signatures
I've been experimenting with the IDEA cipher 3rd party plugin files, and I keep reading about how I should verify their signatures.
Unfortunately, the help provided by the GnuPG page for that is useless. Sure, I get the .sig files, but nowhere, not even on the FTP site itself can I find the public keys to verify the signature.
I started surfing around the GnuPG pages and read that I could find a communal verifying key in the GnuPG\doc directory, but I don't see anything in my Mingw32 installation. And the key provided in armored ascii format does not match the signature. Great!
My argument: I think this is bad for getting people used to doing things right, as actually doing the safe thing has become a wild-goose chase for me. This by no-means encourages anyone to follow proper safety protocol if the suggestion to verify the IDEA code is impossible or extremely difficult, in this instance.