[prev in list] [next in list] [prev in thread] [next in thread]
List: qubes-devel
Subject: Re: [qubes-devel] Unable to Verify Iso - public key not found
From: Marek =?utf-8?Q?Marczykowski-G=C3=B3recki?= <marmarek () invisiblethingslab ! com>
Date: 2015-12-29 14:03:00
Message-ID: 20151229140300.GD913 () mail-itl
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Tue, Dec 29, 2015 at 02:06:39AM -0800, kare.m.jonsson@gmail.com wrote:
> This must mena something
>
> Kares-MacBook-Pro:Downloads karejonsson$ ls
>
> GPG_Suite-2015.09.dmg Qubes-R3.0-x86_64-DVD.iso.DIGESTS
> Qubes-R3.0-x86_64-DVD.iso.download qubes-secpack
>
> Qubes-R3.0-x86_64-DVD.iso Qubes-R3.0-x86_64-DVD.iso.asc
> qubes-release-3-signing-key.asc
>
> Kares-MacBook-Pro:Downloads karejonsson$ md5 Qubes-R3.0-x86_64-DVD.iso
>
> MD5 (Qubes-R3.0-x86_64-DVD.iso) = f07fc791354b5ae00ebc0b9db60bdc69
>
> Kares-MacBook-Pro:Downloads karejonsson$ openssl sha1
> Qubes-R3.0-x86_64-DVD.iso
>
> SHA1(Qubes-R3.0-x86_64-DVD.iso)= 1570a0f0efe685078316ba73e04a442445780bef
This isn't the right checksum - your file is broken.
> Kares-MacBook-Pro:Downloads karejonsson$ gpg -v
> Qubes-R3.0-x86_64-DVD.iso.asc
>
> Version: GnuPG v1
>
> gpg: armor header:
>
> gpg: assuming signed data in 'Qubes-R3.0-x86_64-DVD.iso'
>
> gpg: Signature made Tis 29 Sep 10:41:17 2015 CEST using RSA key ID 03FA5082
>
> gpg: using PGP trust model
>
> gpg: BAD signature from "Qubes OS Release 3 Signing Key" [full]
This means you have wrong iso image (broken download or something).
> gpg: binary signature, digest algorithm SHA256
>
> Kares-MacBook-Pro:Downloads karejonsson$ gpg --list-key
(...)
> I do notice that the key used (defaults to 03FA5082) is not the Release 3
> signing key (36879494).
You got that wrong: 36879494 is the master key, used only to sign other
keys. 03FA5082 is Release 3 signing key, used to sign packages and ISO
images.
> It puzzles me that I have read so much now when
> attempting to verify the ISO without reading of how to use an explicit key.
>
> Further help is greatly appreciated. I have done my stick-installation but
> I want this done before I try to boot from it.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJWgpKUAAoJENuP0xzK19cspdkH/jIAbTZ9EbVMtiJhyV/V45qF
5IYbrVfhliiLldHOKQPj8jhU4oAK1hLOdvVlv2V3mgILdW6e3TZdNJRz3/7tIdkS
gfObTG58DZX11agsR5WBIAYRTBzdRG0SAuehIdhoRRdXhvz71zY5udMYNHSf06hS
toYv0GHJIWwn40Y7X+o5fWdBrSWkrSvwOULXARroLbFvSDTRt/NVBBr+sOJPyRdX
RJM9XPxPntVe+DlNPTlgdpWDHhL1YYZ3qPFTo+pqgllDc4GWt493Ylah4Z2BSuPz
e22ROIWLn4a4uFiOF6GjPuyOXjMZtTR0uYv2TL10FMxXTY/rl6j7ue+uTgj//nE=
=AU+Z
-----END PGP SIGNATURE-----
--
You received this message because you are subscribed to the Google Groups \
"qubes-devel" group. To unsubscribe from this group and stop receiving emails from \
it, send an email to qubes-devel+unsubscribe@googlegroups.com. To post to this group, \
send email to qubes-devel@googlegroups.com. To view this discussion on the web visit \
https://groups.google.com/d/msgid/qubes-devel/20151229140300.GD913%40mail-itl. For \
more options, visit https://groups.google.com/d/optout.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic