hi.
just out of curiosity i tried to verify the signature of one of Novell’s security advisories (this one in particular) with gpg.
as suggested, i saved that page as 'text' with firefox, imported gpg-pubkey-3d25d3d9-36e12d04.asc into gpg's keyring and launched 'gpg --verify work/2009_25_udev.txt':
[sergey@freebsd ~]$ LANG=C gpg --verify work/2009_25_udev.txt
Warning: using insecure memory!
gpg: Signature made Wed Apr 22 19:32:56 2009 MSD using RSA key ID 3D25D3D9
gpg: BAD signature from "SuSE Security Team <security@suse.de>"
Though I did come across something… Hopefully someone can say why…
lynx --dump --nolist http://www.novell.com/linux/security/advisories/2009_25_udev.html > keyfile.asc
gpg2 --verify keyfile.asc
gpg: Signature made Wed 22 Apr 2009 15:32:56 GMT using RSA key ID 3D25D3D9
gpg: BAD signature from "SuSE Security Team <security@suse.de>"
Returns a bad sig, but if I highlight and paste…
gpg2 --verify key.asc
gpg: Signature made Wed 22 Apr 2009 15:32:56 GMT using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security@suse.de>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 73 5F 2E 99 DF DB 94 C4 8F 5A A3 AE AF 22 F2 D5
gpg2 --keyserver hkp://subkeys.pgp.net --recv 3D25D3D9
gpg: requesting key 3D25D3D9 from hkp server subkeys.pgp.net
gpg: key 3D25D3D9: "SuSE Security Team <security@suse.de>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
I’m really not sure why, but I don’t think you need to worry.