Forum Discussion

New Contributor

4 months ago

Solved

pgp signature not trusted

I upgraded PGP signatures: $ curl -sS https://downloads.1password.com/linux/keys/1password.asc | gpg --import gpg: key AC2D62742012EA22: 3 signatures not checked due to missing keys gpg: key AC2D62...

best practices

checks

linux

AJCxZ0
4 months ago
If you are trying to check that `op_linux_amd64_v2.31.1.zip` was signed with the detached signature `op.sig`, then you should run `gpg --verify op.sig op_linux_amd64_v2.31.1.zip`.
The check done during the package installation is almost certainly done correctly and the process should fail if the check fails. In the trust model with which you're working, the successful install of a native or AUR package should give you confidence that the file(s) fetched have not been modified since the package was last updated.

AJCxZ0

Bronze Expert

4 months ago

If you are trying to check that `op_linux_amd64_v2.31.1.zip` was signed with the detached signature `op.sig`, then you should run `gpg --verify op.sig op_linux_amd64_v2.31.1.zip`.

The check done during the package installation is almost certainly done correctly and the process should fail if the check fails. In the trust model with which you're working, the successful install of a native or AUR package should give you confidence that the file(s) fetched have not been modified since the package was last updated.

Jacek

New Contributor

4 months ago

Great, thanks.

Forum Discussion

pgp signature not trusted

Featured discussions

September at 1Password: Browser versions, enhanced security, and new integrations

Recent discussions

Chrome Extension Settings

Upcoming 1Password webinars

2FA not working across timezones

Failed login attempts

Feature Request: Rename Employee Vault in 1Password Business