The More4apps public key must be imported to be able to verify BI report signatures. Open a Command Line window and type, or use copy and paste, the entire string below:
gpg --recv-keys 5D8B6113F5099742
|
The *.sig BI reports that were provided in the installation zip file can now be verified.
When using an untrusted certificate to verify signatures, a warning may appear:
gpg: Good signature from "More4Apps (More4Apps key for Digital Certificates) <xxx@more4apps.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
|
The following steps will set the trust of the More4apps certificate to prevent the warning from occurring.
-
Only set the trust of the More4apps certificate to ultimate after verifying the fingerprint of the installed key.
To verify the certificate fingerprint, run the command ‘gpg --list-keys’ and verify that the More4apps fingerprint matches the below:
1D8A523E3FCB060800FC17065D8B6113F5099742
|
To set the trust level of the More4apps certificate to ultimate, perform the steps below:
1. Edit the More4apps key:
gpg --edit-key More4Apps
[ unknown] (1). More4Apps (More4Apps key for Digital Certificates) <xxx@more4apps.com>
|
2. Run the trust command on the key:
trust
[ unknown] (1). More4Apps (More4Apps key for Digital Certificates) <xxx@more4apps.com
|
3. Set the trust level to ‘5’ and verify with the ‘Y’ command:
Please decide how far you trust this user to correctly
verify other users' keys (by looking at passports,
checking fingerprints from different sources...)?
1 = Don't know
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu
Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y
[ unknown] (1). More4Apps (More4Apps key for Digital Certificates) <xxx@more4apps.com>
Please note that the shown key validity is not necessarily correct
unless you restart the program.
|
4. Use the quit command to exit key editing: