Perhaps I am doing something wrong, but I get the message that the key has expired.
Dowloaded
https://downloads.openwrt.org/releases/19.07.8/targets/ath79/generic/sha256sums
and
https://downloads.openwrt.org/releases/19.07.8/targets/ath79/generic/sha256sums.asc
Then
$ gpg --with-fingerprint --verify sha256sums.asc sha256sums
gpg: Signature made Wed 17 Feb 2021 14:52:39 CET
gpg: using RSA key D9C6901F45C9B86858687DFF28A39BC32074BE7A
gpg: Good signature from "OpenWrt Build System (PGP key for 19.07 release builds) <pgpsign-19.07@openwrt.org>" [expired]
gpg: Note: This key has expired!
Primary key fingerprint: D9C6 901F 45C9 B868 5868 7DFF 28A3 9BC3 2074 BE7A
Presumably they key is not meant to be expired?
Edit to add:
$ gpg -a --export "19.07"| gpg --list-packets
# off=0 ctb=99 tag=6 hlen=3 plen=525
:public key packet:
version 4, algo 1, created 1563103655, expires 0
pkey[0]: [4096 bits]
pkey[1]: [17 bits]
keyid: 28A39BC32074BE7A
# off=528 ctb=b4 tag=13 hlen=2 plen=83
:user ID packet: "OpenWrt Build System (PGP key for 19.07 release builds) <pgpsign-19.07@openwrt.org>"
# off=613 ctb=89 tag=2 hlen=3 plen=599
:signature packet: algo 1, keyid 28A39BC32074BE7A
version 4, created 1563906191, md5len 0, sigclass 0x13
digest algo 8, begin of digest f1 10
hashed subpkt 27 len 1 (key flags: 03)
hashed subpkt 9 len 4 (key expires after 2y0d0h0m)
hashed subpkt 11 len 4 (pref-sym-algos: 9 8 7 2)
hashed subpkt 21 len 5 (pref-hash-algos: 8 9 10 11 2)
hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
hashed subpkt 30 len 1 (features: 01)
hashed subpkt 23 len 1 (keyserver preferences: 80)
hashed subpkt 33 len 21 (issuer fpr v4 D9C6901F45C9B86858687DFF28A39BC32074BE7A)
hashed subpkt 2 len 4 (sig created 2019-07-23)
hashed subpkt 25 len 1 (primary user ID)
subpkt 16 len 8 (issuer key ID 28A39BC32074BE7A)
data: [4095 bits]
Edit to add:
OK, updated the key by the following:
$ gpg --keyserver keys.openpgp.org --receive-keys 28A39BC32074BE7A
Re-doing the export etc
$ gpg -a --export "19.07"| gpg --list-packets
# off=0 ctb=99 tag=6 hlen=3 plen=525
:public key packet:
version 4, algo 1, created 1563103655, expires 0
pkey[0]: [4096 bits]
pkey[1]: [17 bits]
keyid: 28A39BC32074BE7A
# off=528 ctb=b4 tag=13 hlen=2 plen=83
:user ID packet: "OpenWrt Build System (PGP key for 19.07 release builds) <pgpsign-19.07@openwrt.org>"
# off=613 ctb=89 tag=2 hlen=3 plen=599
:signature packet: algo 1, keyid 28A39BC32074BE7A
version 4, created 1563906191, md5len 0, sigclass 0x13
digest algo 8, begin of digest f1 10
hashed subpkt 27 len 1 (key flags: 03)
hashed subpkt 9 len 4 (key expires after 2y0d0h0m)
hashed subpkt 11 len 4 (pref-sym-algos: 9 8 7 2)
hashed subpkt 21 len 5 (pref-hash-algos: 8 9 10 11 2)
hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
hashed subpkt 30 len 1 (features: 01)
hashed subpkt 23 len 1 (keyserver preferences: 80)
hashed subpkt 33 len 21 (issuer fpr v4 D9C6901F45C9B86858687DFF28A39BC32074BE7A)
hashed subpkt 2 len 4 (sig created 2019-07-23)
hashed subpkt 25 len 1 (primary user ID)
subpkt 16 len 8 (issuer key ID 28A39BC32074BE7A)
data: [4095 bits]
# off=1215 ctb=89 tag=2 hlen=3 plen=599
:signature packet: algo 1, keyid 28A39BC32074BE7A
version 4, created 1628534601, md5len 0, sigclass 0x13
digest algo 8, begin of digest 85 86
hashed subpkt 27 len 1 (key flags: 03)
hashed subpkt 11 len 4 (pref-sym-algos: 9 8 7 2)
hashed subpkt 21 len 5 (pref-hash-algos: 8 9 10 11 2)
hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
hashed subpkt 30 len 1 (features: 01)
hashed subpkt 23 len 1 (keyserver preferences: 80)
hashed subpkt 25 len 1 (primary user ID)
hashed subpkt 33 len 21 (issuer fpr v4 D9C6901F45C9B86858687DFF28A39BC32074BE7A)
hashed subpkt 2 len 4 (sig created 2021-08-09)
hashed subpkt 9 len 4 (key expires after 3y27d7h15m)
subpkt 16 len 8 (issuer key ID 28A39BC32074BE7A)
data: [4095 bits]
Key is no longer expired - (sig created 2021-08-09), (key expires after 3y27d7h15m)
Redo check of sha256sums signature
$ gpg --verify sha256sums.asc
gpg: assuming signed data in 'sha256sums'
gpg: Signature made Mon 09 Aug 2021 22:49:08 CEST
gpg: using RSA key D9C6901F45C9B86858687DFF28A39BC32074BE7A
gpg: Good signature from "OpenWrt Build System (PGP key for 19.07 release builds) <pgpsign-19.07@openwrt.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: D9C6 901F 45C9 B868 5868 7DFF 28A3 9BC3 2074 BE7A
From:
PGP key for 19.07 release builds
User ID: OpenWrt Build System pgpsign-19.07@openwrt.org
Public Key: 0x28A39BC32074BE7A (4096 Bit RSA, created 2019-07-14, expires 2022-08-09)
Fingerprint: D9C6 901F 45C9 B868 5868 7DFF 28A3 9BC3 2074 BE7A
Last change: 2021-08-09 21:30:39 +0200 | Download