# [solved] Public key to verify files

## schmeggahead

Where do I obtain Gentoo's public key to verify files?

I'm using a windows box to verify and get the following message:

```

C:\Program Files\GNU\GnuPG>gpg --verify "c:\stage3-i686-hardened-2.4-2007.0.tar.bz2.asc"

gpg: Signature made 05/02/07 19:33:42 using DSA key ID 17072058

gpg: Can't check signature: public key not found

C:\Program Files\GNU\GnuPG>

```

I'm looking to start fresh and dd my harddrives.

want to be sure of the files.Last edited by schmeggahead on Mon Oct 22, 2007 1:50 am; edited 1 time in total

----------

## goffrie

`gpg --keyserver pgp.mit.edu --recv-keys 17072058`

(I randomly chose a keyserver from google.)

----------

## schmeggahead

```

C:\Program Files\GNU\GnuPG>gpg --verify "c:\stage3-i686-hardened-2.4-2007.0.tar.bz2.asc"

gpg: Signature made 05/02/07 19:33:42 using DSA key ID 17072058

gpg: Good signature from "Gentoo Linux Release Engineering (Gentoo Linux Release

 Signing Key) <releng@gentoo.org>"

gpg: WARNING: This key is not certified with a trusted signature!

gpg:          There is no indication that the signature belongs to the owner.

Primary key fingerprint: D99E AC73 79A8 50BC E47D  A5F2 9E64 38C8 1707 2058

C:\Program Files\GNU\GnuPG>

```

anyway to verify the key fingerprint?

I got the key from a second server and verified with the same result.

Key was unchanged.

If I get the same key from multiple servers, it is probably the correct one.

Marking it solved. Thank you.

----------

