[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Question on bad signature 180416



Sorry for an error in text below, the file containing:

da34180d8f618a6a311fe31fb08508496eb91601  debian-9.4.0-amd64-netinst.iso
341cbaf33c632891e23f0b2bffaebf2856a868fe  debian-9.4.0-amd64-xfce-CD-1.iso
c5dfa66c6885fbfe476b0da381d77145c994c629 debian-mac-9.4.0-amd64-netinst.iso

is https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/SHA1SUMS



The SHA1SUMS.sign file contains:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEE35ucSeqpKYQyWJ122ofoDWKUvpsFAlqsLi8ACgkQ2ofoDWKU
vpuaJw/+My2T7TuRb6VQVjqbQmBj8hrfK8/pwDXD1fu/b6p5h/aBPJroGSl/VJCY
URQe6fF/D1hxr1+odVahv8+FhoEsSEBet7Vvlfzw/1OAq327xBUlbHbxoOD0/0c4
bf5JWbPi1hxId2cIftnhoR3IeJPwaWdiUfF0E51Ci3ycLmQJmAPk/8wXsDDn4IE3
lerKYnLwKtohQNOOYbQ3k4795te2UjAVxbcraunqFu4nHjZZ907GoWQrzZtbURpx
R9HBVcKt+F7XOLGAIkKwACdUlmjYrhCIwY58ZCjzW69B1W7lPmbDT1TR4pICCqN+
HGoNnqTiDMwc5EGtCrZppByipB02qs5CNQBdoJwHpFKw+CwcyP68Jqx8YMo0KAri
roq/vWApMLO0bsRDmOoGjPbo8b1+MgeFw4NSbpqLSHGGQbegqyGPkz4DriSkzhd/
QmusgTA5nalIwDoJjAJeNFnLVYMPB7w/i+Jupaune4C5vQ4p0wu15YRKdwIfCY6J
67fPqx7wCrvqPWAGSNfRa4VyKQtjLWE8H83tAKkQFI8QdkNyBmzRFzH2zjW3BSLG
/mkEfqiwJmeKOwonKhSKPXRYde5GrTiiTR1gPnPXKeEkQJBTdI84SgeM87dMpAyY
uUv9p3rK7CEAGZdSCJmf27e1K0E7LOw1+ceXIRpAwvv9ipLtXDk=
=cSpx
-----END PGP SIGNATURE-----


/Jorgen




On Mon, 16 Apr 2018, Jorgen Ottosson wrote:

Date: Mon, 16 Apr 2018 11:11:27 +0200 (CEST)
From: Jorgen Ottosson <otto@de.acme.nu>
To: debian-cd@lists.debian.org
Subject: Question on bad signature 180416

Hi,

I have tested verifying the sig on the SHA1 file from here: https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/

but have not been successful in doing so.

Example:

-----

$ gpg SHA1SUMS.sign
Detached signature.
Please enter name of data file: debian-9.4.0-amd64-xfce-CD-1.iso
gpg: Signature made Fri 16 Mar 2018 09:50:55 PM CET using RSA key ID 6294BE9B
gpg: BAD signature from "Debian CD signing key <debian-cd@lists.debian.org>"

-----

The SHA1SUMS.sign file contains:

da34180d8f618a6a311fe31fb08508496eb91601  debian-9.4.0-amd64-netinst.iso
341cbaf33c632891e23f0b2bffaebf2856a868fe  debian-9.4.0-amd64-xfce-CD-1.iso
c5dfa66c6885fbfe476b0da381d77145c994c629 debian-mac-9.4.0-amd64-netinst.iso



Am I missing something? This should indicate some error in data etc, if key was unsigned locally it would clearly indicate that the sig checks mathematically but is not trusted, ie sig checks but it not verified.

Any comments welcome.

SY,
Jorgen




Reply to: