I’m new to PGP and Gpg4Win, but I think I’ve read enough understand the concepts.
All I want to do is to verify a file signed with a PGP key. I have myself verified the key from many sources over time, so I want Gpg4Win to trust it to avoid any trust warnings.
I have downloaded these files:
file.iso
file.iso.sig
public.key
I have just installed the latest version of Gpg4Win (v2.3.1) and have used Kleopatra to do the following:
Import Certificates → public.key
New Certificate → Create a personal OpenPGP key pair, etc…
Right-clicked the developer’s certificate and chose “Certify Certificate”, “only for myself”, etc…
And I get the error message, “The certificate could not be certified. Error: Certificate expired”.
But my own certificate is valid from when I created it with no expiry date. And the developer’s one is valid from 2015 to 2017.
Am I doing something wrong? I’m really confused! Thanks in advance 