Can't verify GPG key for hashcat-3.10.tar.gz
#1
Hello,

I'm totally new to GPG. How do I verify the public key provided by hashcat?

I attempted several commands:


Code:
gpg --verify hashcat-3.10.tar.gz.asc hashcat-3.10.tar.gz 
gpg: Signature made Wed Aug 24 01:37:43 2016 PDT using RSA key ID 8A16544F
gpg: Can't check signature: No public key

Code:
gpg --no-default-keyring --keyring hashcat-3.10.tar.gz.asc --verify hashcat-3.10.tar.gz
gpg: no valid OpenPGP data found.
gpg: the signature could not be verified.

Code:
gpg --import hashcat-3.10.tar.gz.asc 
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

However, looking at my copy hashcat-3.10.tar.gz.asc in a text editor does show it contains data a PGP sig.

Here is my output from gpg --version

Code:
gpg (GnuPG) 2.0.30
libgcrypt 1.7.3
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA, RSA, ELG, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
Reply
#2
https://hashcat.net/wiki/doku.php?id=fre...signatures
Reply