<html><head></head><body><div class="ydpae18184fyahoo-style-wrap" style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:10px;"><div></div>
<div dir="ltr" data-setdir="false"><font size="2">Hi Bernhard</font></div><div dir="ltr" data-setdir="false"><font size="2"><br></font></div><div dir="ltr" data-setdir="false"><font size="2">Thank you for your prompt reply.</font></div><div dir="ltr" data-setdir="false"><font size="2"><br></font></div><div dir="ltr" data-setdir="false"><font size="2">You wrote: "Since 2021 the signatures are created by one of the official GnuPG release keys (aka certificates) they can be obtained from the GnuPG Homepage or downloaded from public keyservers."</font><div class="ydp714f3798pasted-link"><font size="2"><br>OK, I understand now that I have to get the signing key manually.<br><br>On a different subject, if I wish to refresh keys, is the following command correct?<br><br>C:\Program Files (x86)\GnuPG\bin\gpg.exe --refresh-keys<br><br></font><div><font size="2">(Source: <a href="https://lists.gnupg.org/pipermail/gnupg-users/2010-June/038834.html)" rel="nofollow" target="_blank">https://lists.gnupg.org/pipermail/gnupg-users/2010-June/038834.html)</a></font></div><div><font size="2"><br></font></div><div dir="ltr" data-setdir="false"><font size="2">Best regards.</font></div><div dir="ltr" data-setdir="false"><font size="2"><br></font></div><div dir="ltr" data-setdir="false"><font size="2">Bowie<br></font></div></div><div><br></div></div><div dir="ltr" data-setdir="false"><br></div><div dir="ltr" data-setdir="false"><br></div><div><br></div>
</div><div id="ydpc25dbf18yahoo_quoted_1891418241" class="ydpc25dbf18yahoo_quoted">
<div style="font-family: Helvetica Neue, Helvetica, Arial, sans-serif; font-size: 13px; color: rgb(38, 40, 42); --darkreader-inline-color: #cfcbc4;" data-darkreader-inline-color="">
<div>
On Wednesday, December 21, 2022 at 02:17:34 PM UTC, Bernhard Reiter <bernhard@intevation.de> wrote:
</div>
<div><br></div>
<div><br></div>
<div>Hi Bowie,<br clear="none"><br clear="none">Am Mittwoch 21 Dezember 2022 03:47:34 schrieb Bowie Frisch:<br clear="none">> I have just downloaded both gpg4win-4.1.0.exe and gpg4win-4.1.0.exe.sig and<br clear="none">> found out that a new key had been used to sign the Windows executable?<br clear="none">> H:\Gpg4win>gpg -v gpg4win-4.1.0.exe.sig<br clear="none"><br clear="none">> gpg: Signature made 20-Dec-22 18:34:38 W. Australia Standard Time<br clear="none">> gpg: using ECDSA key<br clear="none">> 02F38DFF731FF97CB039A1DA549E695E905BA208 gpg: Can't check signature: No<br clear="none">> public key<br clear="none"><br clear="none">to get the current pubkeys (or read about verification) see<br clear="none"> <a shape="rect" href="https://www.gpg4win.de/package-integrity.html" rel="nofollow" target="_blank">https://www.gpg4win.de/package-integrity.html</a><br clear="none"><br clear="none">"Since 2021 the signatures are created by one of the official GnuPG release <br clear="none">keys (aka certificates) they can be obtained from the GnuPG Homepage or <br clear="none">downloaded from public keyservers. "<br clear="none"><br clear="none">-> <a shape="rect" href="https://gnupg.org/signature_key.html" rel="nofollow" target="_blank">https://gnupg.org/signature_key.html</a><br clear="none">pub brainpoolP256r1 2021-10-15 [SC] [expires: 2029-12-31]<br clear="none"> 02F3 8DFF 731F F97C B039 A1DA 549E 695E 905B A208<br clear="none">uid GnuPG.com (Release Signing Key 2021)<div class="ydpc25dbf18yqt8282515364" id="ydpc25dbf18yqtfd40505"><br clear="none"><br clear="none">> I did refresh the keys by typing the following command in an elevated<br clear="none">> command prompt: C:\Program Files (x86)\GnuPG\bin\gpg.exe --refresh-keys<br clear="none">> What happened?<br clear="none">> The key ID that I have is 2688DA1A</div><br clear="none"><br clear="none">This is the old key, used up to 2021.<br clear="none">(As documented on <a shape="rect" href="https://www.gpg4win.de/package-integrity.html" rel="nofollow" target="_blank">https://www.gpg4win.de/package-integrity.html</a>)<br clear="none"><br clear="none">Best Regards<br clear="none">Bernhard<br clear="none"><br clear="none">-- <br clear="none"><a shape="rect" href="https://intevation.de/~bernhard " rel="nofollow" target="_blank">https://intevation.de/~bernhard </a> +49 541 33 508 3-3<br clear="none">Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998<br clear="none">Geschäftsführer Frank Koormann, Bernhard Reiter<div class="ydpc25dbf18yqt8282515364" id="ydpc25dbf18yqtfd78517"><br clear="none"></div></div>
</div>
</div></body></html>