[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Question on bad signature 180416


I have tested verifying the sig on the SHA1 file from here: https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/

but have not been successful in doing so.



$ gpg SHA1SUMS.sign
Detached signature.
Please enter name of data file: debian-9.4.0-amd64-xfce-CD-1.iso
gpg: Signature made Fri 16 Mar 2018 09:50:55 PM CET using RSA key ID 6294BE9B gpg: BAD signature from "Debian CD signing key <debian-cd@lists.debian.org>"


The SHA1SUMS.sign file contains:

da34180d8f618a6a311fe31fb08508496eb91601  debian-9.4.0-amd64-netinst.iso
341cbaf33c632891e23f0b2bffaebf2856a868fe  debian-9.4.0-amd64-xfce-CD-1.iso
c5dfa66c6885fbfe476b0da381d77145c994c629 debian-mac-9.4.0-amd64-netinst.iso

Am I missing something? This should indicate some error in data etc, if key was unsigned locally it would clearly indicate that the sig checks mathematically but is not trusted, ie sig checks but it not verified.

Any comments welcome.


Reply to: