Just tried to verify the Apache POI zip download using gpg and the KEYS file.
poi-bin-3.15-20160924.zip
I got a BAD signature error.
gpg --verify poi-src-3.15-20160924.zip.asc poi-bin-3.15-20160924.zip
gpg: Signature made 09/18/16 04:47:42 New Zealand Standard Time
gpg: using RSA key 527EB833FA3ADDC2
gpg: BAD signature from "David North " [unknown]
Any suggestions?
I tried the download from both US and Europe mirrors.
Thanks
You're comparing the "src" hash with the "bin" archive.
Should be
gpg --verify poi-**bin**-3.15-20160924.zip.asc poi-bin-3.15-20160924.zip
Related
(I have already seen other related answers in Stack Overflow, not helping, I may be missing something out)
I am getting this error after adding my SSH key to GitLab:
The form contains the following errors:
Key is invalid
Fingerprint sha256 has already been taken
Fingerprint sha256 cannot be generated
Key type is forbidden. Must be RSA, ECDSA, ED25519, ECDSA_SK, or ED25519_SK
This is my key generated from command prompt :
AAAAB3NzaC1yc2EAAAADAQABAAABgQDJKcaE7AZRIpFcRkobZBVSvBSscOdgHP5I5zV0gMA2jOIxV/3lOgf8vZ7rXWld/4bBNkCREM7JXs1IFZRrfSXgC2UocDpDWwnduUx8bGsZsfH1tfLLLU42lQgqMs5Aw+3zV4vlX9NpXGqSXtUXEbxQ18B9cv43I4Wg/9af9ADi8x27+xg6/f1jjL6pTVGySMceOyM0ZBpESbjwk66n4tzWlaVmn7c6OIDwlfz0K/ky/ozIBqwpFTDD72yCMgihWZSJiR2nIlhLPVwEKld0xfnstiludFdtHvt0U8tvyZjL6pTVGySMceOyM0ZsletaOaaKN+Pvq5pGMafcZyN/uMM63QHOwSPloaV9JFQ2hbT/7D8tmxojBGSLW5PlG+A1QxxBZHGYgFpz/ooIJNrjrkc7DFcn60jaGKeuDxXNXuOXhyCz4xVWNxAB7XdCurDYI/1YuFmXFDpkUhKCZM3cFBpfRZ78ScyQ0q/kSJygnuBULgPmcmKEg3VLj6C2Cuu3hiCjs0jgX8ltCHZ61E8U=
COMMAND:
ssh-keygen -t rsa -C "taha.gh1985#gmail.com"
Make sure to copy the full public key part of what ssh-keygen has generated.
In your case, the public key should start with ssh-rsa AAA....
I mentioned before a similar error, where the key was incomplete.
Note: the GitLab error message "Fingerprint sha256 has already been taken" has been reported as "not helpful enough": issue 377357.
RSA file :
ssh-rsa AAAAB3Nz.....61E8U= pasar#DESKTOP-9SMOQR
I removed begin and end of text and used it as key to GITLAB which was the reason why SSHKEY was wrong.
My company uses ed25519 and nodejs version 10. I see the error,
"
I deleted the keys from the .ssh( this i was fine since I am starting to build new) and regenerated adding the -m pem option as I copied the .pub contents to my app for validation.
I still see this error.. Is there anything I am missing? or is it picking up the old keys from somewhere?
Any pointers would greatly help me..
thanks
I need help with gpg key in git.
First I export keys from windows with this:
gpg --output backupkeys.pgp --armor --export-secret-keys --export-options export-backup user#email
Then on linux I import this key
gpg --import backupkeys.pgp
and change from unknown to ultimate. So this is how I import this key to linux.
But now I need add gpg key to git, so I do this:
git config --global user.signingkey mySuperKey
but when I can create commit
git commit -S -m "Super Commit"
I have this output
error: gpg failed to sign the data
fatal: failed to write commit object
I don't know where is problem.
After trying exporting new GPG keys and later import. I found answare for this problem.
echo hello world | gpg -sa -u user#email
if I try this don't show this:
gpg: signing failed: Inappropriate ioctl for device
gpg: [stdin]: clear-sign failed: Inappropriate ioctl for device
So all what I need to do is this:
export GPG_TTY=$(tty)
Last night I setup Pass Password Manager. I used gpg2, and followed this tutorial. I didn't implement git integration. Everything worked successfully. To view my password I had to enter my master key, exactly like how I want it. This morning I try to use pass. In my terminal I typed in
pass account/adobe/my#email.com
I get the following error:
gpg: decryption failed: No secret key
It didn't ask me to enter my master key. I tried restarting gpg-agent, I tried editing ~/.gnupg/gpg-agent.conf, but nothing is working.
This is how my ~/.gnupg/gpg-agent.conf looks like:
default-cache-ttl 28800
# 8 hours
pinentry-program /usr/bin/pinentry-curses
allow-loopback-pinentry
I should mention that I am using Linux Subsystem on Windows 10.
I put this in ~/.gnupg/gpg-agent.conf :
default-cache-ttl 3153600000
pinentry-program /usr/bin/pinentry-curses
allow-loopback-pinentry
After enter the following commands:
$ gpgconf --kill gpg-agent
$ gpg-connect-agent /bye
I am trying to install Chrome native client.
I went to this https://developer.chrome.com/native-client/sdk/download page to download and install the sdk. I followed the instructions in this page however when I tried to execute the naclsdk list command or any naclsdk command I got an error:
third_party.fancy_urllib.InvalidCertificateException: Host storage.googleapis.com returned an invalid certificate ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)):
To learn more, see http://code.google.com/appengine/kb/general.html#rpcssl
Usage: sdk_update_main.py <command> [options]
What is the problem here? Is there a problem with a certificate?
just comment two lines of sdk_tools/download.py
# ca_certs = os.path.join(SCRIPT_DIR, 'cacerts.txt')
# request.set_ssl_info(ca_certs=ca_certs)
When I tried applying the accepted answer, download.py was overwritten with the old version before it was executed.
Instead, I updated the certificates by replacing the contents of cacerts.txt with the certificate chain storage.googleapis.com is using today:
-----BEGIN CERTIFICATE-----
MIIGcjCCBVqgAwIBAgIQBdcOj75NzEPW3Y45nh0r+zANBgkqhkiG9w0BAQsFADBU
MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMSUw
IwYDVQQDExxHb29nbGUgSW50ZXJuZXQgQXV0aG9yaXR5IEczMB4XDTE5MDMwMTA5
MzY0NVoXDTE5MDUyNDA5MjUwMFowcjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNh
bGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEzARBgNVBAoMCkdvb2ds
ZSBMTEMxITAfBgNVBAMMGCouc3RvcmFnZS5nb29nbGVhcGlzLmNvbTCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMhmw+ZB0GgoEEHQR+g75gfFMoqoBHvc
NADV8RJ5iCIiIQh2slRYv9Wai9/ZeYrxaJowLyEpi5n3ZjeIBBGitSnTd+sUOnT5
n/D/d5FCRKBcNkAJkdMtqnHJNPRt5xlheKlPYPzb+qR/BdoedfMbcgJ8Qgfg5mAb
xVpLOUGIKDNfC+z+wthXJJtqp2WU3MCKfFQy9tXodq043Mvdl0hEF4P3I3SSZioO
WK44JonwPbbvy7qk9ohrchfLa0VfPVN9rlpV0eoNTWISlNrK+fmBgj5lr7YNtfUK
lyi26L119hWPAlVpnHohf15iRPUudK70GY+xPbol6tD92pXY3pxPwD8CAwEAAaOC
AyAwggMcMBMGA1UdJQQMMAoGCCsGAQUFBwMBMIIB9QYDVR0RBIIB7DCCAeiCGCou
c3RvcmFnZS5nb29nbGVhcGlzLmNvbYIkKi5hcHBzcG90LmNvbS5zdG9yYWdlLmdv
b2dsZWFwaXMuY29tgiIqLmNvbW1vbmRhdGFzdG9yYWdlLmdvb2dsZWFwaXMuY29t
gikqLmNvbnRlbnQtc3RvcmFnZS1kb3dubG9hZC5nb29nbGVhcGlzLmNvbYInKi5j
b250ZW50LXN0b3JhZ2UtdXBsb2FkLmdvb2dsZWFwaXMuY29tgiAqLmNvbnRlbnQt
c3RvcmFnZS5nb29nbGVhcGlzLmNvbYIQKi5nb29nbGVhcGlzLmNvbYIhKi5zdG9y
YWdlLWRvd25sb2FkLmdvb2dsZWFwaXMuY29tgh8qLnN0b3JhZ2UtdXBsb2FkLmdv
b2dsZWFwaXMuY29tgh8qLnN0b3JhZ2Uuc2VsZWN0Lmdvb2dsZWFwaXMuY29tgiBj
b21tb25kYXRhc3RvcmFnZS5nb29nbGVhcGlzLmNvbYIrc3RhdGljLnBhbm9yYW1p
by5jb20uc3RvcmFnZS5nb29nbGVhcGlzLmNvbYIWc3RvcmFnZS5nb29nbGVhcGlz
LmNvbYIdc3RvcmFnZS5zZWxlY3QuZ29vZ2xlYXBpcy5jb22CD3VuZmlsdGVyZWQu
bmV3czBoBggrBgEFBQcBAQRcMFowLQYIKwYBBQUHMAKGIWh0dHA6Ly9wa2kuZ29v
Zy9nc3IyL0dUU0dJQUczLmNydDApBggrBgEFBQcwAYYdaHR0cDovL29jc3AucGtp
Lmdvb2cvR1RTR0lBRzMwHQYDVR0OBBYEFIDYGi+iqBDS6hhcK63FsCcyzki1MAwG
A1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUd8K4UJpndnaxLcKG0IOgfqZ+ukswIQYD
VR0gBBowGDAMBgorBgEEAdZ5AgUDMAgGBmeBDAECAjAxBgNVHR8EKjAoMCagJKAi
hiBodHRwOi8vY3JsLnBraS5nb29nL0dUU0dJQUczLmNybDANBgkqhkiG9w0BAQsF
AAOCAQEAsNHEdUG4mXtpq1/QwqkL4ljH0HTCi586YHsijMpt6yaVXHxwlofBmB5r
7q/zlPIrIYvwEhl6Hx61mUEvUgnaeSFxYacI6UzRVyD1SA4VACpWCvBSgmNGz4TG
PvN10UvhQr8oje4VTON+UHI1sqLbSMQU6R3hlYQryu8dfl7Rc9evEjErNljATkgU
63DPq2bs/twkmRV/ORwgqzjoIxYK+58mpgV5CJGkdkqhiQAJ2Pu7ZeNdwWuQqjGC
H8kutx7Vvlm84BM4syzRoTWK4pOGmZVbrXHu2yiuHuJyfeT1ZQuNm0yuXW2A4PZh
z+TIiPW8jDr4cXccAslL+BuIpURPWg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEXDCCA0SgAwIBAgINAeOpMBz8cgY4P5pTHTANBgkqhkiG9w0BAQsFADBMMSAw
HgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFs
U2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0xNzA2MTUwMDAwNDJaFw0yMTEy
MTUwMDAwNDJaMFQxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVHb29nbGUgVHJ1c3Qg
U2VydmljZXMxJTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzMw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKUkvqHv/OJGuo2nIYaNVW
XQ5IWi01CXZaz6TIHLGp/lOJ+600/4hbn7vn6AAB3DVzdQOts7G5pH0rJnnOFUAK
71G4nzKMfHCGUksW/mona+Y2emJQ2N+aicwJKetPKRSIgAuPOB6Aahh8Hb2XO3h9
RUk2T0HNouB2VzxoMXlkyW7XUR5mw6JkLHnA52XDVoRTWkNty5oCINLvGmnRsJ1z
ouAqYGVQMc/7sy+/EYhALrVJEA8KbtyX+r8snwU5C1hUrwaW6MWOARa8qBpNQcWT
kaIeoYvy/sGIJEmjR0vFEwHdp1cSaWIr6/4g72n7OqXwfinu7ZYW97EfoOSQJeAz
AgMBAAGjggEzMIIBLzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUH
AwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFHfCuFCa
Z3Z2sS3ChtCDoH6mfrpLMB8GA1UdIwQYMBaAFJviB1dnHB7AagbeWbSaLd/cGYYu
MDUGCCsGAQUFBwEBBCkwJzAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AucGtpLmdv
b2cvZ3NyMjAyBgNVHR8EKzApMCegJaAjhiFodHRwOi8vY3JsLnBraS5nb29nL2dz
cjIvZ3NyMi5jcmwwPwYDVR0gBDgwNjA0BgZngQwBAgIwKjAoBggrBgEFBQcCARYc
aHR0cHM6Ly9wa2kuZ29vZy9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEA
HLeJluRT7bvs26gyAZ8so81trUISd7O45skDUmAge1cnxhG1P2cNmSxbWsoiCt2e
ux9LSD+PAj2LIYRFHW31/6xoic1k4tbWXkDCjir37xTTNqRAMPUyFRWSdvt+nlPq
wnb8Oa2I/maSJukcxDjNSfpDh/Bd1lZNgdd/8cLdsE3+wypufJ9uXO1iQpnh9zbu
FIwsIONGl1p3A8CgxkqI/UAih3JaGOqcpcdaCIzkBaR9uYQ1X4k2Vg5APRLouzVy
7a8IVk6wuy6pm+T7HT4LY8ibS5FEZlfAFLSW8NwsVz9SBK2Vqn1N0PIMn5xA6NZV
c7o835DLAFshEWfC7TIe3g==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G
A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp
Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1
MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG
A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL
v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8
eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq
tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd
C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa
zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB
mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH
V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n
bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG
3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs
J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO
291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS
ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd
AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7
TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==
-----END CERTIFICATE-----
The problem is with an outdated sdk_tools/cacerts.txt file; Google has changed the CA they use, but the code tries to verify against a specific CA trust anchor.
As an aside, this highlights the difficulties with key pinning.
The minimum change you can do is to update the CA cert it expects by downloading a newer version. This still verifies that you're connected to a Google-controlled server.
The solution by sevenyearslater of ripping this custom check out works too, but makes it possible to spoof the download site in some scenarios.