Error when importing GPG key

firelizzardfirelizzard
Community Member

I am installing 1Password on Gentoo using the tarball. I am attempting to verify the signature. When I follow the instructions, I get the following error:

❯ curl -sS https://downloads.1password.com/linux/keys/1password.asc | gpg --import
gpg: key AC2D62742012EA22: 3 signatures not checked due to missing keys
gpg: key AC2D62742012EA22: "Code signing for 1Password <[email protected]>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Gentoo Linux

Comments

  • firelizzardfirelizzard
    Community Member

    In case it actually worked despite the error, I tried to verify the signature:

    ❯ gpg 1password-latest.tar.gz.sig                                                 
    gpg: WARNING: no command supplied.  Trying to guess what you mean ...
    gpg: assuming signed data in '1password-latest.tar.gz'
    gpg: Signature made Mon 25 Apr 2022 08:51:46 PM CDT
    gpg:                using RSA key 3FEF9748469ADBE15DA7CA80AC2D62742012EA22
    gpg: Good signature from "Code signing for 1Password <[email protected]>" [unknown]
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg:          There is no indication that the signature belongs to the owner.
    Primary key fingerprint: 3FEF 9748 469A DBE1 5DA7  CA80 AC2D 6274 2012 EA22
    
  • PeterG_1PPeterG_1P

    Team Member
    edited May 27

    Thank you for letting us know about this, @firelizzard. I have passed this on to our developers who are responsible for the GPG code signing so they can look into it. We appreciate you informing us of the problem, and I'll hope to have some answers on this soon.

    ref: dev/core/core#15578

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file