[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Verifying Digital Signatures

I'm following the steps to verify kernel signatures using GNUpg. I'm
following the directions from

Where I am getting stumped is verifying the tar against the signature.

linux-4.17  linux-4.17.tar  linux-4.17.tar.sign
root@Ultraman:/usr/src# gpg2 --verify linux-4.17.tar.sign
gpg: assuming signed data in 'linux-4.17.tar'
gpg: Signature made Sun 03 Jun 2018 02:35:54 PM PDT
gpg:                using RSA key 79BE3E4300411886
gpg: Can't check signature: No public key

I tried several times trying to import keys belonging to Linus Torvalds
and Greg Kroah-Hartman. Using this command:

$ gpg2 --locate-keys torvalds@kernel.org gregkh@kernel.org

I'm stumped. Am I missing something?

Thanks for any advice.

HP Garcia

Reply to: