Request for better instructions on verifying IDEA source signatures

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
Report Content as Inappropriate

Request for better instructions on verifying IDEA source signatures

smu johnson

I've been experimenting with the IDEA cipher 3rd party plugin files, and I keep reading about how I should verify their signatures.

Unfortunately, the help provided by the GnuPG page for that is useless.  Sure, I get the .sig files, but nowhere, not even on the FTP site itself can I find the public keys to verify the signature.

I started surfing around the GnuPG pages and read that I could find a communal verifying key in the GnuPG\doc directory, but I don't see anything in my Mingw32 installation.  And the key provided in armored ascii format does not match the signature.  Great!

My argument:  I think this is bad for getting people used to doing things right, as actually doing the safe thing has become a wild-goose chase for me.  This by no-means encourages anyone to follow proper safety protocol if the suggestion to verify the IDEA code is impossible or extremely difficult, in this instance.

Thank you for reading.

smu johnson <[hidden email]>

Gnupg-doc mailing list
[hidden email]