Error when importing GPG key

firelizzard · May 2022

I am installing 1Password on Gentoo using the tarball. I am attempting to verify the signature. When I follow the instructions, I get the following error:

❯ curl -sS https://downloads.1password.com/linux/keys/1password.asc | gpg --import
gpg: key AC2D62742012EA22: 3 signatures not checked due to missing keys
gpg: key AC2D62742012EA22: "Code signing for 1Password <codesign@1password.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Gentoo Linux

firelizzard · May 2022

In case it actually worked despite the error, I tried to verify the signature:

❯ gpg 1password-latest.tar.gz.sig                                                 
gpg: WARNING: no command supplied.  Trying to guess what you mean ...
gpg: assuming signed data in '1password-latest.tar.gz'
gpg: Signature made Mon 25 Apr 2022 08:51:46 PM CDT
gpg:                using RSA key 3FEF9748469ADBE15DA7CA80AC2D62742012EA22
gpg: Good signature from "Code signing for 1Password <codesign@1password.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 3FEF 9748 469A DBE1 5DA7  CA80 AC2D 6274 2012 EA22

PeterG_1P · May 2022

Thank you for letting us know about this, @firelizzard. I have passed this on to our developers who are responsible for the GPG code signing so they can look into it. We appreciate you informing us of the problem, and I'll hope to have some answers on this soon.

ref: dev/core/core#15578

Error when importing GPG key

Comments