[Dshield] configuration/gpg question

Brendan Pirie bpirie at rma.edu
Thu Mar 31 16:22:48 GMT 2005


Greetings all,

Quick newbie question (if I'm asking in the wrong place, please accept 
my apologies and point me elsewhere)

I'm trying to implement the dshield.org scripts on a test firewall, and 
I'm having trouble with gpg verification.  I've imported the public key 
file from http://www.dshield.org/dshield_public_key.txt and signed 
"<blocklist at dshield.org>" locally with --edit-key and lsign.  I've 
trusted it, and run --update-trustdb.  The perl script fails with the 
following error:

Signature not valid.  Please verify manually or check if you have the 
right key

Trying to verify manually results in the following error:

[root at sparky ~]# gpg --verify /usr/tmp/0.282360723083006.asc
gpg: Signature made Thu 31 Mar 2005 10:50:07 AM EST using DSA key ID 
B58B4C82
gpg: Good signature from "DShield Blocklist (Used to Sign DShield 
Blocklist) <blocklist at dshield.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the 
owner.

followed by the Primary key fingerprint.  I've tried different methods 
of signing and trusting, and applied it to different keys found in 
dshield_public_key.txt, but none seem to have any effect.  I'm probably 
missing something obvious here, but I've never worked with gpg or pgp 
before, and having found the answer in the gpg docs or by googling thus 
far.  Can someone point me in the right direction?

Thanks immensely for any help,

Brendan


PS  This is a CentOS 4 x86 box with gnupg-1.2.6-1 and perl-5.8.5-12.1. 
Except for errata, it's a "stock" installation.




More information about the list mailing list