[squid-users] Can't verify the signature of squid-6.7.tar.gz

Amos Jeffries squid3 at treenet.co.nz
Mon Feb 26 23:20:14 UTC 2024


Excellent news.

Thank you for the feedback on the solution.


Cheers
Amos

On 22/02/24 10:14, Miha Miha wrote:
> Hi Amos,
> 
> It took me some time to check and verify.
> I'm posting my findings here just to complete the thread.
> 
> Regarding this one:
> 
>> On 8/02/24 02:19, Miha Miha wrote:
>>> Hi Francesco,
>>>
>>> I still get an issue, although a slightly different one:
>>>
>>> #gpg --verify squid-6.7.tar.gz.asc squid-6.7.tar.gz
>>> gpg: Signature made Tue 06 Feb 2024 10:51:28 PM EET using ? key ID FEF6E865
>>> gpg: Can't check signature: Invalid public key algorithm
>>
>> On Thu, Feb 8, 2024 at 7:58 AM Amos Jeffries <squid3 at treenet.co.nz> wrote:
>>
>> The error mentions algorithm, so also check the ciphers/algorithms
>> supported by your GPG agent. The new key uses the EDDSA cipher instead
>> of typical RSA.
> 
> Indeed, the problem is with my gpg agent - gpg (GnuPG) 2.0.22 which
> doesn't support EDDSA. My system is CentOS7 and it sticks to GnuPG
> 2.0.x
> 
> I did another test on Amazon Linux with gpg (GnuPG) 2.3.7 (it supports
> EDDSA) and there I was able to verify the package with the given pub
> key.
> 
> All questions are clarified. Thank you!
> 
> Regards,
> Mihail


More information about the squid-users mailing list