Hi,
I wanted to migrate from 4.X to 5.X, but when itry to verify GPG key i have this message :
“Signature made Wed. 27 Apr 2022 11:03:05 CEST
gpg: avec la clef RSA 064182440C674D9F8D0F6F8B4DA79EDA231C852B
gpg: Can’t check signature: No public key”
Here is what i’ve done so foar :
I’m i doing somthing wrong ?
According to the 5.0.6 release notes here:
Krita 5.0.6 Released | Krita
… the public key is here:
https://files.kde.org/krita/4DA79EDA231C852B
So you’d need to import the Public Key into the GPG utility.
Ok thank you,
But then does that mean that i was doing it wrong ? Because i wasn’t using the public key at all in my procedure let’s say
Could you guide me ?
The public key needs to be on the keyring that GPG uses.
You do that with gpg --import pubkeyfilename
After that, when you do the gpg --verify signaturefile appfile command, the signature file goes through some secure check process to make sure it was generated by the owner of the public key.
Try it and see what happens.
Ok thanks a lot !
So it worked, but it says :
" Good signature […] Careful ! This key is not certified with a trusted signature. Nothing indicates that the singature belongs to his owner" (i’m translating from french)
Did i do something wrong ?
I followed your exact steps…
You should read in the Wikipedia of your native language the principle of PGP and the “Web of Trust”, it seems to me that you have not internalized it 
Michelist
Add: Hello @AhabGreybeard 
I understand the high level principles of Public/Private key systems but the detailed operation and verifying business is a magical mystery to me.
It looks like the appimage, it’s signature file and the Public Key are all compatible with each other.
However, there seems to be an additional thing where the Public key is verfied (for ownership) by another authority. That may cost money and that would be a good reason why the developers haven’t done that.
Given that the Public key was downloded from the the official KDE site, I’d tend to be confident that it is a genuine public key.
Hello @Michelist
@Michelist
I’m pretty new to this as you could see, but i’m trying to go above the learning curve to… Actually learn…
I’ll try to see the page you recommended me
@AhabGreybeard Ok thanks a lot for your support it’s really helpful to me
Have a good day both of you and happy drawings !
That is the right attitude! I’m glad you want to try to work out the answer yourself, you have my respect!
Michelist
I just have a last question regarding the .appimage :
Will i have the ability to update the app ? Or will i have to re-do thsi procedure manually periodically to see if there is a new option available ?
When the next formal release is made, you’ll have to download the appimage for it.
There is something happening with an appimage updating mechanism called ‘zsync’ but I don’t know any details about that.
The nighly builds have that as a file for download:
Krita_Nightly_Appimage_Build [Jenkins]
It’s the Krita-Next-x86_64.appimage.zsync file but I’ve no idea how it works or if it works.
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.