Wednesday, 4 May 2016

Verify a download file from XDA using GPG - where can I get the (public?) key?

From the XDA download mirror: http://ift.tt/1NVVnmN I have downloaded these files:

xposed-v83-sdk22-arm.zip
xposed-v83-sdk22-arm.zip.asc
and
xposed-v84-sdk22-arm.zip
xposed-v84-sdk22-arm.zip.asc

several times, and with different desktop PCs

every time with the same bad result:

When I use GPG in a terminal on my Linux system to verify the zip.asc file against the associated .zip file,
GPG says: "...Can't check signature: No public key"

Maybe my input was not correct (I have never used GPG before), or the files on the XDA server are really corrupt?
Here I show the syntax of my input in my Linux terminal:

$ gpg --verify xposed-v84-sdk22-arm.zip.asc xposed-v84-sdk22-arm.zip

Every time it gets the same bad result:
gpg: Signature made Tue 03 Mai 2016 22:58:30 CEST using RSA key ID 852109AA
gpg: Can't check signature: No public key

In my opinion XDA must have a public(?) key (server?) in addition to those .asc files - like e.g. the Tor Project:

"The Tor Browser team signs the Tor Browsers. Import its key (0x4E2C6E8793298290) by starting cmd.exe and typing"
after this, the line with the syntax:
" gpg --verify C:\...torbrowser-install-5....exe.asc C:\...torbrowser-install-5....exe.asc"

Perhaps GPG needs this key first to work properly?

If so, where does XDA host the key that I need to import first? I searched a long time on XDA, and I can't find it!


from xda-developers http://ift.tt/1q0KyEs
via IFTTT
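
What the "No public key" message in the post means, shown as an added example that is not part of the original post: a detached .asc signature can only be checked once the signer's public key is in the local keyring. The script below reproduces the error and the successful check with a throwaway key it generates itself; the signer identity, file name and keyrings are constructed, and it assumes GnuPG 2.1 or later. The page does not say where the real key for ID 852109AA is published, so that key and its full fingerprint have to come from the publisher.

```bash
# Added example: the signer identity, file.zip and both keyrings are constructed
# throwaways. Assumes GnuPG 2.1 or later.
demo_verify() (
    work=$(mktemp -d) || exit 1
    signer="$work/signer"; verifier="$work/verifier"
    mkdir -m 700 "$signer" "$verifier"
    cd "$work" || exit 1

    # Publisher side: create a key, sign file.zip, export the public key.
    gpg --homedir "$signer" --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Constructed Signer <signer@example.invalid>' \
        default default never 2>/dev/null || exit 1
    fpr=$(gpg --homedir "$signer" --batch --with-colons --list-keys |
          awk -F: '$1 == "fpr" { print $10; exit }')
    echo 'constructed payload' > file.zip
    gpg --homedir "$signer" --batch --quiet --armor --detach-sign file.zip || exit 1
    gpg --homedir "$signer" --batch --armor --export "$fpr" > signer.pub.asc

    # Downloader side, empty keyring: gpg cannot check the signature at all.
    before=$(gpg --homedir "$verifier" --batch --status-fd 1 \
                 --verify file.zip.asc file.zip 2>/dev/null || true)

    # Import the publisher's public key, then verify again.
    gpg --homedir "$verifier" --batch --quiet --import signer.pub.asc 2>/dev/null
    after=$(gpg --homedir "$verifier" --batch --status-fd 1 \
                --verify file.zip.asc file.zip 2>/dev/null || true)

    # The last field of VALIDSIG is the primary key fingerprint. Compare it in
    # full with the fingerprint the publisher announces through another channel.
    seen=$(printf '%s\n' "$after" | awk '$2 == "VALIDSIG" { print $NF }')

    case "$before" in *NO_PUBKEY*) echo "before=NO_PUBKEY" ;; *) echo "before=other" ;; esac
    case "$after" in *GOODSIG*) echo "after=GOODSIG" ;; *) echo "after=other" ;; esac
    [ -n "$fpr" ] && [ "$seen" = "$fpr" ] && echo "fingerprint_match=yes"

    gpgconf --homedir "$signer" --kill gpg-agent 2>/dev/null
    cd / && rm -rf "$work"
)

demo_verify || echo "demo failed (is GnuPG 2.1 or later installed?)"
```

The 8-character key ID printed by gpg only identifies which key is missing; the comparison that matters after importing is the full fingerprint.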
