Verifying published files integrity and origin

Nat Makarevitch

New Member

Messages: 3


I'm back to FreeBSD after (too) many years, and may have missed something, please bear with me.

My question is: how may I verify (origin, integrity) a published file?

Case in point: I want to install FreeBSD 11.1. The announce points towards ( a set of PGP-signed files ( ), I downloaded, which is signed by 8D12403C2E6CAB086CF64DA3031458A5478FE293, but I cannot find the public key.

The long and short (478FE293) key IDs aren't on keyservers, nor in "The OpenPGP keys of the officers" ( ). According to informations posted in a thread dating 2014 ( ) this key was used to sign BETA-status files(?!)

My subquestion is: where may I obtain the 8D12403C2E6CAB086CF64DA3031458A5478FE293 public key?

Thank you!


New Member

Reaction score: 3
Messages: 16

I believe the problem is that 478FE293 is not an "actual key" (in the sense of being something you can easily find), but is instead a sub-key of A0B946A3.

That "actual key", A0B946A3, does appear in the "complete keyring" file,, but (as of 2019-02-16) the list of sub-keys in that file is stale, so you would have to import the entire thing, which might take quite a while, to find 478FE293.

I have updated your PR 222044 to request that the situation be documented more clearly.