Our community is getting an upgrade on July 2nd! Learn more in the FAQs →
Forum Discussion
Solved
pgp signature not trusted
I upgraded PGP signatures: $ curl -sS https://downloads.1password.com/linux/keys/1password.asc | gpg --import
gpg: key AC2D62742012EA22: 3 signatures not checked due to missing keys
gpg: key AC2D62...
If you are trying to check that `op_linux_amd64_v2.31.1.zip` was signed with the detached signature `op.sig`, then you should run `gpg --verify op.sig op_linux_amd64_v2.31.1.zip`.
The check done during the package installation is almost certainly done correctly and the process should fail if the check fails. In the trust model with which you're working, the successful install of a native or AUR package should give you confidence that the file(s) fetched have not been modified since the package was last updated.
If you are trying to check that `op_linux_amd64_v2.31.1.zip` was signed with the detached signature `op.sig`, then you should run `gpg --verify op.sig op_linux_amd64_v2.31.1.zip`.
The check done during the package installation is almost certainly done correctly and the process should fail if the check fails. In the trust model with which you're working, the successful install of a native or AUR package should give you confidence that the file(s) fetched have not been modified since the package was last updated.
Great, thanks.
