ORG>" 4 new
signatures
gpg: key 12D3461D: "Sendmail Signing Key/1997
" 4 new
signatures
gpg: key A0F8AA0C: public key "Sendmail, Inc. Security Officer sendmail.com>" imported
gpg: key BF7BA421: "Eric Allman " 4 new user IDs
gpg: key BF7BA421: "Eric Allman " 44 new signatures
gpg: key A00E1563: "Gregory Neil Shapiro " 48 new signatures
gpg: key 22327A01: "Claus Assmann (PGP2) " 14 new signatures
gpg: Total number processed: 15
gpg: imported: 1
gpg: new user IDs: 4
gpg: new signatures: 222
gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
Notice that the newest key imported in the preceding output was key 7093B841 (the
signing key for 2007). To verify that this key is valid (not forged) print its fingerprint
with a command like this:
% gpg --fingerprint 7093B841
pub 1024R/7093B841 2006-12-16
Key fingerprint = D9 FD C5 6B EE 1E 7A A8 CE 27 D9 B9 55 8B 56 B6
uid Sendmail Signing Key/2007
Now compare the fingerprint displayed to the following list of valid fingerprints:
18 A4 51 78 CA 72 D4 A7 ED 80 BA 8A C4 98 71 1D ?†? Sendmail Security
CA AE F2 94 3B 1D 41 3C 94 7B 72 5F AE 0B 6A 11 ?†? 1997
F9 32 40 A1 3B 3A B6 DE B2 98 6A 70 AF 54 9D 26 ?†? 1998
25 73 4C 8E 94 B1 E8 EA EA 9B A4 D6 00 51 C3 71 ?†? 1999
81 8C 58 EA 7A 9D 7C 1B 09 78 AC 5E EB 99 08 5D ?†? 2000
59 AF DC 3E A2 7D 29 56 89 FA 25 70 90 0D 7E C1 ?†? 2001
7B 02 F4 AA FC C0 22 DA 47 3E 2A 9A 9B 35 22 45 ?†? 2002
C4 73 DF 4A 97 9C 27 A9 EE 4F B2 BD 55 B5 E0 0F ?†? 2003
46 FE 81 99 48 75 30 B1 3E A9 79 43 BB 78 C1 D4 ?†? 2004
4B 38 0E 0B 41 E8 FC 79 E9 7E 82 9B 04 23 EC 8A ?†? 2005
18 A4 51 78 CA 72 D4 A7 ED 80 BA 8A C4 98 71 1D ?†? 2006
E3 F4 97 BC 9F DF 3F 1D 9B 0D DF D5 77 9A C9 79 ?†? 2006
D9 FD C5 6B EE 1E 7A A8 CE 27 D9 B9 55 8B 56 B6 ?†? 2007
If the fingerprint for a downloaded PGPKEYS file does not match one in this list (for
the correct year it represents), do not trust that file.
Pages:
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103