警告信息“此密钥未经可信签名认证!” 何时验证 apache:
wget https://downloads.apache.org/accumulo/1.10.2/accumulo-1.10.2-bin.tar.gz
wget https://downloads.apache.org/accumulo/1.10.2/accumulo-1.10.2-bin.tar.gz.asc
wget https://downloads.apache.org/accumulo/KEYS
gpg --import KEYS
gpg --verify accumulo-1.10.2-bin.tar.gz.asc accumulo-1.10.2-bin.tar.gz
出现错误信息:
gpg: Signature made Tue 08 Feb 2022 11:04:00 PM HKT
gpg: using RSA key 8CC4F8A2B29C2B040F2B835D6F0CDAE700B6899D
gpg: Good signature from "Christopher L Tubbs II (Christopher) <[email protected]>" [unknown]
gpg: aka "Christopher L Tubbs II (Developer) <[email protected]>" [unknown]
gpg: aka "Christopher L Tubbs II (Developer) <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 8CC4 F8A2 B29C 2B04 0F2B 835D 6F0C DAE7 00B6 899D
我想完全相信它:
gpg --edit-key 8CC4F8A2B29C2B040F2B835D6F0CDAE700B6899D
gpg (GnuPG) 2.2.27; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
pub rsa4096/6F0CDAE700B6899D
created: 2012-10-13 expires: 2024-01-12 usage: SC
trust: full validity: unknown
sub rsa4096/2FFC0085C23D3DA9
created: 2012-10-13 expires: 2024-01-12 usage: E
sub rsa4096/4417A0C14245D003
created: 2013-04-28 expires: 2024-01-12 usage: A
[ unknown] (1). Christopher L Tubbs II (Christopher) <[email protected]>
[ unknown] (2) Christopher L Tubbs II (Developer) <[email protected]>
[ unknown] (3) Christopher L Tubbs II (Developer) <[email protected]>
gpg> trust
pub rsa4096/6F0CDAE700B6899D
created: 2012-10-13 expires: 2024-01-12 usage: SC
trust: full validity: unknown
sub rsa4096/2FFC0085C23D3DA9
created: 2012-10-13 expires: 2024-01-12 usage: E
sub rsa4096/4417A0C14245D003
created: 2013-04-28 expires: 2024-01-12 usage: A
[ unknown] (1). Christopher L Tubbs II (Christopher) <[email protected]>
[ unknown] (2) Christopher L Tubbs II (Developer) <[email protected]>
[ unknown] (3) Christopher L Tubbs II (Developer) <[email protected]>
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)
1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu
Your decision? 4
pub rsa4096/6F0CDAE700B6899D
created: 2012-10-13 expires: 2024-01-12 usage: SC
trust: full validity: unknown
sub rsa4096/2FFC0085C23D3DA9
created: 2012-10-13 expires: 2024-01-12 usage: E
sub rsa4096/4417A0C14245D003
created: 2013-04-28 expires: 2024-01-12 usage: A
[ unknown] (1). Christopher L Tubbs II (Christopher) <[email protected]>
[ unknown] (2) Christopher L Tubbs II (Developer) <[email protected]>
[ unknown] (3) Christopher L Tubbs II (Developer) <[email protected]>
gpg> quit
然后再次验证:
gpg --verify accumulo-1.10.2-bin.tar.gz.asc accumulo-1.10.2-bin.tar.gz
gpg: Signature made Tue 08 Feb 2022 11:04:00 PM HKT
gpg: using RSA key 8CC4F8A2B29C2B040F2B835D6F0CDAE700B6899D
gpg: Good signature from "Christopher L Tubbs II (Christopher) <[email protected]>" [unknown]
gpg: aka "Christopher L Tubbs II (Developer) <[email protected]>" [unknown]
gpg: aka "Christopher L Tubbs II (Developer) <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 8CC4 F8A2 B29C 2B04 0F2B 835D 6F0C DAE7 00B6 899D
如何在验证 apache 时抑制警告信息?
将信任设置为最终 (5),或签署密钥,都可以解决问题(但请参阅下面的警告!)。
选项1:将信任设置为最终
请注意,我在信任提示符处输入了 5。现在当我运行验证命令时:
输出中不再有警告。另一方面,当我将信任设置为最终时,我确实撒了谎。
选项 2:签署密钥
由于您最终不信任密钥,因此使用您自己的最终受信任的密钥签署密钥更为正确。如果您想先做一些勤奋,请参阅警告。要签署密钥:
当我运行验证命令时再次没有警告,这一次我不必说谎。
警告
请注意,警告是有充分理由的。如果您想在签名或将其标记为最终受信任之前尝试确定您是否确实信任密钥,那么这个 security.stackexchange.com 线程是一个很好的起点。