Re: Verifying Digital Signatures

To: debian-user@lists.debian.org
Subject: Re: Verifying Digital Signatures
From: Teemu Likonen <tlikonen@iki.fi>
Date: Mon, 11 Jun 2018 09:25:12 +0300
Message-id: <[🔎] 87lgblg7qv.fsf@iki.fi>
In-reply-to: <[🔎] 20180610224333.5a4d5c25@Ultraman.madgoat.net> (HP Garcia's message of "Sun, 10 Jun 2018 22:43:33 -0700")
References: <[🔎] 20180610224333.5a4d5c25@Ultraman.madgoat.net>

HP Garcia [2018-06-10 22:43:33-07] wrote:

> root@Ultraman:/usr/src# gpg2 --verify linux-4.17.tar.sign
> gpg: assuming signed data in 'linux-4.17.tar'
> gpg: Signature made Sun 03 Jun 2018 02:35:54 PM PDT
> gpg:                using RSA key 79BE3E4300411886
                                    ^^^^^^^^^^^^^^^^

> gpg: Can't check signature: No public key
>
> I tried several times trying to import keys belonging to Linus Torvalds
> and Greg Kroah-Hartman. Using this command:
>
> $ gpg2 --locate-keys torvalds@kernel.org gregkh@kernel.org

Download the key that was used to sign the package: 79BE3E4300411886.

    $ gpg2 --recv-key 79BE3E4300411886

Then the signature should verify nicely.

(Another question is the trust path from you or your key to the key that
was used to sign the package.)

-- 
/// Teemu Likonen   - .-..   <https://keybase.io/tlikonen> //
// PGP: 4E10 55DC 84E9 DFF6 13D7 8557 719D 69D3 2453 9450 ///

Attachment: signature.asc
Description: PGP signature

Reply to:

References:
- Verifying Digital Signatures
  - From: HP Garcia <portamex@garlic.com>

Prev by Date: Re: Verifying Digital Signatures
Next by Date: Re: Verifying Digital Signatures
Previous by thread: Re: Verifying Digital Signatures
Next by thread: Re: Verifying Digital Signatures
Index(es):
- Date
- Thread