Boost public key

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Boost public key

Boost - Users mailing list
Hi

I'm trying to find the boost public pgp key so I can validate the
release archive against its signature file.

But I can't find where to import the public key from or what it is called.

Thanks for any help.


_______________________________________________
Boost-users mailing list
[hidden email]
https://lists.boost.org/mailman/listinfo.cgi/boost-users
Reply | Threaded
Open this post in threaded view
|

Re: Boost public key

Boost - Users mailing list
On 16/12/2019 17:15, David P. Riedel via Boost-users wrote:
> Hi
>
> I'm trying to find the boost public pgp key so I can validate the
> release archive against its signature file.
>
> But I can't find where to import the public key from or what it is
> called.
>
> Thanks for any help.
Where are you downloading from?  I have seen asc files at this link:

<https://dl.bintray.com/boostorg/release/1.72.0/source/>



--
With over 1.2 billion devices now running Windows 10, customer
satisfaction is higher than any previous version of windows.

_______________________________________________
Boost-users mailing list
[hidden email]
https://lists.boost.org/mailman/listinfo.cgi/boost-users
Reply | Threaded
Open this post in threaded view
|

Re: Boost public key

Boost - Users mailing list
On 12/16/19 1:08 PM, Good Guy via Boost-users wrote:

> On 16/12/2019 17:15, David P. Riedel via Boost-users wrote:
>> Hi
>>
>> I'm trying to find the boost public pgp key so I can validate the
>> release archive against its signature file.
>>
>> But I can't find where to import the public key from or what it is
>> called.
>>
>> Thanks for any help.
> Where are you downloading from?  I have seen asc files at this link:
>
> <https://dl.bintray.com/boostorg/release/1.72.0/source/>
>
>
>
Yes, I've downloaded the .7z archive and the .7z.asc signature file

But when I do:  gpg --verify using the signature and archive file names,
gpg says it can't because I don't have the public key, hence my question.

Thanks

_______________________________________________
Boost-users mailing list
[hidden email]
https://lists.boost.org/mailman/listinfo.cgi/boost-users
Reply | Threaded
Open this post in threaded view
|

Re: Boost public key

Boost - Users mailing list
On 16/12/2019 18:31, David P. Riedel via Boost-users wrote:

> On 12/16/19 1:08 PM, Good Guy via Boost-users wrote:
>> On 16/12/2019 17:15, David P. Riedel via Boost-users wrote:
>>> Hi
>>>
>>> I'm trying to find the boost public pgp key so I can validate the
>>> release archive against its signature file.
>>>
>>> But I can't find where to import the public key from or what it is
>>> called.
>>>
>>> Thanks for any help.
>> Where are you downloading from?  I have seen asc files at this link:
>>
>> <https://dl.bintray.com/boostorg/release/1.72.0/source/>
>>
>>
>>
> Yes, I've downloaded the .7z archive and the .7z.asc signature file
>
> But when I do:  gpg --verify using the signature and archive file
> names, gpg says it can't because I don't have the public key, hence my
> question.
>
> Thanks
>
>

You can verify using this:

sha256":"25db3956a8d58187ac7a0702cc917e9bab47ff90baafc35e4e789dca1ce5f423"

You get this code from the json file available at the same link provided
above.



--
With over 1.2 billion devices now running Windows 10, customer
satisfaction is higher than any previous version of windows.

_______________________________________________
Boost-users mailing list
[hidden email]
https://lists.boost.org/mailman/listinfo.cgi/boost-users
Reply | Threaded
Open this post in threaded view
|

Re: Boost public key

Boost - Users mailing list
On 16/12/2019 20:34, Good Guy via Boost-users wrote:

>
> You can verify using this:
>
> sha256":"25db3956a8d58187ac7a0702cc917e9bab47ff90baafc35e4e789dca1ce5f423"
>
>
> You get this code from the json file available at the same link
> provided above.
>
>
>

Sorry the correct sha256 latest version is this:

{
"sha256":"247a91dd7e4d9dd3c4b954b532fbc167ba62dc15ab834e5ad893d7c3f9eb5f0f",
"file":"boost_1_72_0.7z",
"commit":"789155d431930ebef4766550ed7bd09f62eac714"
}

The json file is this:

<https://dl.bintray.com/boostorg/release/1.72.0/source/boost_1_72_0.7z.json>

--
With over 1.2 billion devices now running Windows 10, customer
satisfaction is higher than any previous version of windows.

_______________________________________________
Boost-users mailing list
[hidden email]
https://lists.boost.org/mailman/listinfo.cgi/boost-users
Reply | Threaded
Open this post in threaded view
|

Re: Boost public key

Boost - Users mailing list
In reply to this post by Boost - Users mailing list
On Mon, Dec 16, 2019 at 12:39 PM David P. Riedel via Boost-users <[hidden email]> wrote:
On 12/16/19 1:08 PM, Good Guy via Boost-users wrote:
> On 16/12/2019 17:15, David P. Riedel via Boost-users wrote:
>> Hi
>>
>> I'm trying to find the boost public pgp key so I can validate the
>> release archive against its signature file.
>>
>> But I can't find where to import the public key from or what it is
>> called.
>>
>> Thanks for any help.
> Where are you downloading from?  I have seen asc files at this link:
>
> <https://dl.bintray.com/boostorg/release/1.72.0/source/>
>
>
>
Yes, I've downloaded the .7z archive and the .7z.asc signature file

But when I do:  gpg --verify using the signature and archive file names,
gpg says it can't because I don't have the public key, hence my question.

The archives are signed against the Bintray general key. I don't have a link handy to it ATM though.

--
-- Rene Rivera
-- Grafik - Don't Assume Anything
-- Robot Dreams - http://robot-dreams.net


_______________________________________________
Boost-users mailing list
[hidden email]
https://lists.boost.org/mailman/listinfo.cgi/boost-users
Reply | Threaded
Open this post in threaded view
|

Re: Boost public key

Boost - Users mailing list
On 12/16/19 3:55 PM, Rene Rivera via Boost-users wrote:

> On Mon, Dec 16, 2019 at 12:39 PM David P. Riedel via Boost-users
> <[hidden email] <mailto:[hidden email]>> wrote:
>
>     On 12/16/19 1:08 PM, Good Guy via Boost-users wrote:
>      > On 16/12/2019 17:15, David P. Riedel via Boost-users wrote:
>      >> Hi
>      >>
>      >> I'm trying to find the boost public pgp key so I can validate the
>      >> release archive against its signature file.
>      >>
>      >> But I can't find where to import the public key from or what it is
>      >> called.
>      >>
>      >> Thanks for any help.
>      > Where are you downloading from?  I have seen asc files at this link:
>      >
>      > <https://dl.bintray.com/boostorg/release/1.72.0/source/>
>      >
>      >
>      >
>     Yes, I've downloaded the .7z archive and the .7z.asc signature file
>
>     But when I do:  gpg --verify using the signature and archive file
>     names,
>     gpg says it can't because I don't have the public key, hence my
>     question.
>
>
> The archives are signed against the Bintray general key. I don't have a
> link handy to it ATM though.
>
> --
> -- Rene Rivera
> -- Grafik - Don't Assume Anything
> -- Robot Dreams - http://robot-dreams.net <http://robot-dreams.net/>
>
>
> _______________________________________________
> Boost-users mailing list
> [hidden email]
> https://lists.boost.org/mailman/listinfo.cgi/boost-users
>

Thanks!  the gpg --verify command which failed said the archive was
signed using RSA key 379CE192D401AB61.  I tried a gpg --search-keys with
that ID and found  the Bintray entry which I could then import. gpg
--verify then did complain that the imported key was untrusted so there
must be some additional step needed for this to be useful.


_______________________________________________
Boost-users mailing list
[hidden email]
https://lists.boost.org/mailman/listinfo.cgi/boost-users