Verifying the signature

drcrypto · April 8, 2015, 3:12pm

Is this the correct response to verifying the signature? The warning is worrying…

$ gpg --verify “sqlcipher-for-android-community-v3.3.0.zip.sig” "sqlcipher-for-
android-community-v3.3.0.zip"
gpg: Signature made 03/26/15 10:52:50 using RSA key ID 67FD0322
gpg: Good signature from "Zetetic LLC support@zetetic.net"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: D83F 5F9E B811 D6E6 B4A0 D9C5 D1FA 3A2A 97ED 25C2
Subkey fingerprint: A4EA 79E6 49E7 45B9 2117 A56F 0CB9 9EE2 67FD 0322

developernotes · April 8, 2015, 3:35pm

Hello @drcrypto

You will need to specify the level of trust you have in the support@zetetic.net key. You can configure this within gpg:

gpg --edit-key support@zetetic.net

The above will place you in the gpg prompt, displaying key information for support@zetetic.net. Next you can specify your trust level:

gpg> trust

Which should provide you with your options:

Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu

Your decision?

More information can be found here.

Topic		Replies	Views
Use of 'net.zetetic:android-database-sqlcipher:4.5.1@aar' give OpenSSL 1.1.1m vulnerability SQLCipher	3	381	June 1, 2022
Copyright and license for android-database-sqlcipher Issues	1	250	April 25, 2023
Our internal tool reported CVE-2023-0464 vulnerability in openssl SQLCipher	1	336	March 31, 2023
New vulnerabilities detected in openssl SQLCipher	1	307	August 3, 2023
Cve-2022-1292 cve-2022-2068 cve-2021-3711 cve-2022-0778 cve-2021-3450 cve-2021-3712 cve-2021-4160 cve-2021-3449 cve-2022-2097 SQLCipher	3	535	September 29, 2022

Verifying the signature

Related Topics