Good {evening,morning,afternoon}, fellow anglophones.
I am running Wheezy, and I plan to prepare a debian live cd using this
file:
http://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid/debian-live-7.6.0-amd64-standard.iso
Before doing this, however, I would like to verify the authenticity of
the SHA512SUMS file which I believe I obtained from here:
http://live.debian.net/cdimage/release/stable/amd64/iso-hybrid/SHA512SUMS
And so, to that end, I downloaded...
http://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid/SHA512SUMS.sign
But I am stuck now, because I cannot find the corresponding public
key, and don't know where to start looking for it.
What I have done so far:
I installed the debian-keyring package, and then I ran this:
| $ gpgv --keyring /usr/share/keyrings/debian-keyring.gpg -vv --
SHA512SUMS.sign
| gpgv: armor: BEGIN PGP SIGNATURE
| gpgv: armor header: Version: GnuPG v1.4.12 (GNU/Linux)
| :signature packet: algo 1, keyid DA87E80D6294BE9B
| version 4, created 1406210061, md5len 0, sigclass 0x00
| digest algo 8, begin of digest fc 43
| hashed subpkt 2 len 4 (sig created 2014-07-24)
| subpkt 16 len 8 (issuer key ID DA87E80D6294BE9B)
| data: [4096 bits]
| gpgv: assuming signed data in `SHA512SUMS'
| gpgv: Signature made Thu 24 Jul 2014 09:54:21 AM EDT using RSA key ID
6294BE9B
| gpgv: Can't check signature: public key not found
This was not the outcome I was hoping for, but I am not sure what to
do next.