TrueCrypt help!!
Andrea Corbellini
corbellini.andrea at gmail.com
Tue Sep 1 09:24:52 UTC 2015
Hi Edmund,
GPG is telling you that it does not know whether the signature is
legit or not (that is: whether TrueCrypt authors really made it). The
message "Good signature from TrueCrypt ..." does not mean anything in
practice, because everyone can create a keypair, label it with
whatever name/email they want, and sign whatever file they want.
To make that warning go away, you should tell GPG that you trust
TrueCypt's public key, but this is a complicated matter.
If you want to have some degree of certainty that the signature is
legit, make sure you downloaded it through HTTPS. This will ensure (up
to a certain point) that the signature has not been compromised by a
man-in-the-middle attack.
More information about the ubuntu-server
mailing list