Re: Verifying checksum and signature
On Thu, Oct 01, 2020 at 06:21:54PM -0400, leonard morin wrote:
> Hi,
>
> I want to reinstall Debian but first verify the signature of the installer
> checksum and the signature file. I am working with Windows and based this
> process on this video by Crypto Dad:
>
> https://www.youtube.com/watch?v=N7oE0QaK540
>
> I was able to download the GPG4Win and verify it with the Shasum Checker,
> also as per Crypto Dad:
>
> https://www.youtube.com/watch?v=QZ2GrQA_ye8
>
> I followed his instructions to check the signature and checksum for the
> Debian installer in (GNU Privacy Assistant). I get the message that there
> is no public key. When I follow his process to retrieve the public key at
> https://www.debian.org/CD/verify
> I get the message in GPA "No keys were found" for all the IDs and
> fingerprints on the page. Should I be obtaining the public key elsewhere?
> Or should I do something else differently?
>
You should be able to get the keys from the debian key
server(keyring.debug.org). Here's any example using gpg from the
command-line:
tubaman@potts:~$ gpg --keyserver keyring.debian.org --recv-keys 6BD05CFB
gpg: key 42468F4009EA8AC3: "Debian Testing CDs Automatic Signing Key <debian-cd@lists.debian.org>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
tubaman@potts:~$ gpg --fingerprint 6BD05CFB
pub rsa4096 2014-04-15 [SC]
F41D 3034 2F35 4669 5F65 C669 4246 8F40 09EA 8AC3
uid [ unknown] Debian Testing CDs Automatic Signing Key <debian-cd@lists.debian.org>
sub rsa4096 2014-04-15 [E]
Perhaps you can translate that into your Windows tools? Here some more
info on Debian's gpg key server: https://keyring.debian.org/
Reply to: