Debian Live Signing Key
I downloaded debian-live-6.0.7-amd64-lxde-desktop.iso, SHA256SUMS,
SHA256SUMS.sign.
$ gpg --verify SHA256SUMS.sign
gpg: Signature made Mon 04 Mar 2013 11:15:15 AM CET
using RSA key ID 6CA7B5A6 gpg: Can't check signature: public key not found
$ gpg --recv-keys 6CA7B5A6
gpg: requesting key 6CA7B5A6 from hkps server hkps.pool.sks-keyservers.net
gpg: key 6CA7B5A6: public key "Debian Live Signing Key <debian-live@lists.debian.org>" imported
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 6 signed: 16 trust: 0-, 0q, 0n, 0m, 0f, 6u
gpg: depth: 1 valid: 16 signed: 30 trust: 12-, 1q, 0n, 3m, 0f, 0u
gpg: next trustdb check due at 2015-02-22
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
$ gpg --fingerprint 6CA7B5A6
pub 4096R/6CA7B5A6 2011-03-09 [expires: 2021-02-01]
Key fingerprint = 696F 95F0 88E4 D359 947F 7AEB 6F95 B499 6CA7 B5A6
uid Debian Live Signing Key <debian-live@lists.debian.org>
sub 4096R/6E7B0CD3 2011-03-09 [expires: 2021-02-01]
$ gpg --verify SHA256SUMS.sign
gpg: Signature made Mon 04 Mar 2013 11:15:15 AM CET using RSA key ID 6CA7B5A6
gpg: Good signature from "Debian Live Signing Key <debian-live@lists.debian.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 696F 95F0 88E4 D359 947F 7AEB 6F95 B499 6CA7 B5A6
$ sha256sum -c SHA256SUMS 2>&1 | grep debian-live-6.0.7-amd64-lxde-desktop.iso:
debian-live-6.0.7-amd64-lxde-desktop.iso: OK
Everything looks fine, except I cannot know this key is authentic
Debian Live Signing Key, isn't it? So, this way, if someone finds the
fingerprint is wrong, she can reply to this post.
Kind regards
--
http://markorandjelovic.hopto.org
Please make your donation for humanitarian aid for flood victims in
Serbia: http://www.floodrelief.gov.rs/eng/
Reply to: