Results 1 to 1 of 1

Thread: Verifying cygwin download: setup.exe

  1. #1
    Join Date
    Feb 2005
    Beans
    509
    Distro
    Lubuntu 11.10 Oneiric Ocelot

    Verifying cygwin download: setup.exe

    Hi,

    Can anyone shed some light on how to authenticate a download (setup.exe) from a site (http://www.cygwin.com/install.html) that offers both a signature for a file (setup.exe.sig) and a PGP public key.

    I tried the below tutorial from Nicraft:

    http://www.cyberciti.biz/tips/howto-...g-command.html

    But it resulted in the below failure:

    [mb@mike ~]$ gpg --verify pubring.asc setup.exe
    gpg: verify signatures failed: unexpected data

    I followed the below sequence:

    gpg pubring.asc

    spat out:

    pub 1024D/676041BA 2008-06-13 Cygwin <cygwin@cygwin.com>
    sub 1024g/A1DB7B5C 2008-06-13

    then I tried the below:

    gpg --keyserver pgpkeys.mit.edu --recv-key 676041BA

    gpg: requesting key 676041BA from hkp server pgpkeys.mit.edu
    gpg: key 676041BA: "Cygwin <cygwin@cygwin.com>" not changed
    gpg: Total number processed: 1
    gpg: unchanged: 1

    then

    gpg --fingerprint 676041BA

    pub 1024D/676041BA 2008-06-13
    Key fingerprint = 1169 DF9F 2273 4F74 3AA5 9232 A9A2 62FF 6760 41BA
    uid Cygwin <cygwin@cygwin.com>
    sub 1024g/A1DB7B5C 2008-06-13

    then

    gpg --verify pubring.asc setup.exe

    gpg --verify pubring.asc setup.exe
    gpg: verify signatures failed: unexpected data



    I now see why Ubuntu uses md5/sha1 hashes a far easier method!

    Any help will be much appreciated.
    Last edited by john_spiral; June 3rd, 2011 at 04:35 PM. Reason: email

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •