Question on bad signature 180416
I have tested verifying the sig on the SHA1 file from here:
but have not been successful in doing so.
$ gpg SHA1SUMS.sign
Please enter name of data file: debian-9.4.0-amd64-xfce-CD-1.iso
gpg: Signature made Fri 16 Mar 2018 09:50:55 PM CET using RSA key ID
gpg: BAD signature from "Debian CD signing key
The SHA1SUMS.sign file contains:
Am I missing something? This should indicate some error in data etc, if
key was unsigned locally it would clearly indicate that the sig checks
mathematically but is not trusted, ie sig checks but it not verified.
Any comments welcome.