I have downloaded gpg4win-2.3.0 from the official website and tried to verify the signature (after downloading the signature as well, file ending with .exe.sig) - I am getting the following output. Is this valid? or some problem with the download.
gpg --verify gpg4win-2.3.0.exe.sig gpg4win-2.3.0.exe
gpg: Signature made 11/24/15 13:06:13 Central Standard Time using DSA key ID EC70B1B8
gpg: Good signature from “Intevation File Distribution Key distribution-key@intevation.de” unknown
gpg: WARNING: This key is not certified with a trusted signature!
There is no indication that the signature belongs to the owner.
Primary key fingerprint: 61AC 3F5E E4BE 593C 13D6 8B1E 7CBD 620B EC70 B1B8
I checked the past fingerprints as listed on https://www.gnupg.org/signature_key.html - but didn’t found the one above.
My installed version is gpg 2.0.27 <Gpg4win 2.2.4)
libgcrypt 1.6.3…
OS: Windows 7 Home SP1
Thanks,