how to sign a key

gambeta's Avatar

gambeta

24 Jun, 2019 05:41 PM

Which of our tools is giving you problems? GPG Keychain v1.4.6 (1514)

Describe your problem. Add as much detail as possible.

looking on how to verify signature of a file (veracrypt.dmg) in their website (https://www.veracrypt.fr/en/Digital%20Signatures.html), it says in the step 4:
4- Sign the imported key with your private key to mark it as trusted,
Note: If you skip this step and attempt to verify any of our PGP signatures, you will receive an error message stating that the signing key is invalid.
so, how to do that using GPG Keychain,
Thanks.

  1. Support Staff 1 Posted by Steve on 24 Jun, 2019 06:23 PM

    Steve's Avatar

    Hi gambeta,

    welcome to the GPGTools support platform. Sorry you are having problems using GPG Suite.

    This KB explains how to verify downloaded files:
    https://gpgtools.tenderapp.com/kb/how-to/how-to-verify-the-download...

    Verifying a file with a public key that has not been signed should not result in an error. The signature would then show with "undefinied trust" as shown in the KB article.

    Randomly signing the key without verifying it, would not be good practice. But is possible. This KB-article explains how to verify and sign a key.

    Hope this helps,
    Steve

Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attaching KB article:

»

Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac