[prev in list] [next in list] [prev in thread] [next in thread] 

List:       qubes-devel
Subject:    Re: [qubes-devel] Unable to Verify Iso - public key not found
From:       Marek =?utf-8?Q?Marczykowski-G=C3=B3recki?= <marmarek () invisiblethingslab ! com>
Date:       2015-12-29 14:03:00
Message-ID: 20151229140300.GD913 () mail-itl
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Tue, Dec 29, 2015 at 02:06:39AM -0800, kare.m.jonsson@gmail.com wrote:
> This must mena something
> 
> Kares-MacBook-Pro:Downloads karejonsson$ ls
> 
> GPG_Suite-2015.09.dmg Qubes-R3.0-x86_64-DVD.iso.DIGESTS 
> Qubes-R3.0-x86_64-DVD.iso.download qubes-secpack
> 
> Qubes-R3.0-x86_64-DVD.iso Qubes-R3.0-x86_64-DVD.iso.asc 
> qubes-release-3-signing-key.asc
> 
> Kares-MacBook-Pro:Downloads karejonsson$ md5 Qubes-R3.0-x86_64-DVD.iso
> 
> MD5 (Qubes-R3.0-x86_64-DVD.iso) = f07fc791354b5ae00ebc0b9db60bdc69
> 
> Kares-MacBook-Pro:Downloads karejonsson$ openssl sha1 
> Qubes-R3.0-x86_64-DVD.iso
> 
> SHA1(Qubes-R3.0-x86_64-DVD.iso)= 1570a0f0efe685078316ba73e04a442445780bef

This isn't the right checksum - your file is broken. 

> Kares-MacBook-Pro:Downloads karejonsson$ gpg -v 
> Qubes-R3.0-x86_64-DVD.iso.asc 
> 
> Version: GnuPG v1
> 
> gpg: armor header: 
> 
> gpg: assuming signed data in 'Qubes-R3.0-x86_64-DVD.iso'
> 
> gpg: Signature made Tis 29 Sep 10:41:17 2015 CEST using RSA key ID 03FA5082
> 
> gpg: using PGP trust model
> 
> gpg: BAD signature from "Qubes OS Release 3 Signing Key" [full]

This means you have wrong iso image (broken download or something).

> gpg: binary signature, digest algorithm SHA256
> 
> Kares-MacBook-Pro:Downloads karejonsson$ gpg --list-key

(...)

> I do notice that the key used (defaults to 03FA5082) is not the Release 3 
> signing key (36879494).

You got that wrong: 36879494 is the master key, used only to sign other
keys. 03FA5082 is Release 3 signing key, used to sign packages and ISO
images.

> It puzzles me that I have read so much now when 
> attempting to verify the ISO without reading of how to use an explicit key.
> 
> Further help is greatly appreciated. I have done my stick-installation but 
> I want this done before I try to boot from it. 

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJWgpKUAAoJENuP0xzK19cspdkH/jIAbTZ9EbVMtiJhyV/V45qF
5IYbrVfhliiLldHOKQPj8jhU4oAK1hLOdvVlv2V3mgILdW6e3TZdNJRz3/7tIdkS
gfObTG58DZX11agsR5WBIAYRTBzdRG0SAuehIdhoRRdXhvz71zY5udMYNHSf06hS
toYv0GHJIWwn40Y7X+o5fWdBrSWkrSvwOULXARroLbFvSDTRt/NVBBr+sOJPyRdX
RJM9XPxPntVe+DlNPTlgdpWDHhL1YYZ3qPFTo+pqgllDc4GWt493Ylah4Z2BSuPz
e22ROIWLn4a4uFiOF6GjPuyOXjMZtTR0uYv2TL10FMxXTY/rl6j7ue+uTgj//nE=
=AU+Z
-----END PGP SIGNATURE-----

-- 
You received this message because you are subscribed to the Google Groups \
"qubes-devel" group. To unsubscribe from this group and stop receiving emails from \
it, send an email to qubes-devel+unsubscribe@googlegroups.com. To post to this group, \
send email to qubes-devel@googlegroups.com. To view this discussion on the web visit \
https://groups.google.com/d/msgid/qubes-devel/20151229140300.GD913%40mail-itl. For \
more options, visit https://groups.google.com/d/optout.


[prev in list] [next in list] [prev in thread] [next in thread]