Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] TrueCrypt EOL, what's next?



Bill Ricker wrote:
> ?From what Steve Gibson said, the "new" key was gotten early enough it
> would have been well before current incident? -- if malicious, would
> show significant premeditation. 

No, the keys in question are GnuPG keys and unless someone has figured
out a key collision the GnuPG key used to sign the 7.1a binaries is the
same GnuPG key used to sign the 7.2 binaries. There is no "new" key.
Ignore the warnings; that's because I haven't signed the key on my key ring.

[ratinox at chihiro: Desktop]$ gpg --verify TrueCrypt-7.2.exe.sig
gpg: Signature made Tue, May 27, 2014 12:58:45 PM EDT using DSA key ID
F0D6B1E0
gpg: Good signature from "TrueCrypt Foundation <contact at truecrypt.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the
owner.
Primary key fingerprint: C5F4 BAC4 A7B2 2DB8 B8F8  5538 E3BA 73CA F0D6 B1E0
[ratinox at chihiro: Desktop]$ gpg --verify TrueCrypt\ Setup\ 7.1a.exe.sig
gpg: Signature made Tue, Feb 07, 2012  3:56:28 PM EST using DSA key ID
F0D6B1E0
gpg: Good signature from "TrueCrypt Foundation <contact at truecrypt.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the
owner.
Primary key fingerprint: C5F4 BAC4 A7B2 2DB8 B8F8  5538 E3BA 73CA F0D6 B1E0
[ratinox at chihiro: Desktop]$

You can verify that the key fingerprint is correct for yourself.

-- 
Rich P.



BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org