Re: Verifying Digital Signatures
On Mon, 11 Jun 2018 10:39:29 +0200
john doe <johndoe65534@mail.com> wrote:
> On 6/11/2018 8:32 AM, john doe wrote:
> > On 6/11/2018 7:43 AM, HP Garcia wrote:
> >> I'm following the steps to verify kernel signatures using GNUpg.
> >> I'm following the directions from
> >> https://www.kernel.org/category/signatures.html.
> >>
> >> Where I am getting stumped is verifying the tar against the
> >> signature.
> >>
> >> linux-4.17 linux-4.17.tar linux-4.17.tar.sign
> >> root@Ultraman:/usr/src# gpg2 --verify linux-4.17.tar.sign
> >> gpg: assuming signed data in 'linux-4.17.tar'
> >> gpg: Signature made Sun 03 Jun 2018 02:35:54 PM PDT
> >> gpg: using RSA key 79BE3E4300411886
> >> gpg: Can't check signature: No public key
> >>
> >> I tried several times trying to import keys belonging to Linus
> >> Torvalds and Greg Kroah-Hartman. Using this command:
> >>
> >> $ gpg2 --locate-keys torvalds@kernel.org gregkh@kernel.org
> >>
> >> I'm stumped. Am I missing something?
> >>
> >
> > Are the keys in your keyring?:
> >
> > $ gpg2 --list-keys
> >
> > Any errors when locating the keys?
> >
>
> If the keys are present in your keyring, the answer by Teemu Likonen
> <tlikonen@iki.fi> is the next step to try.
>
So it looks like I am missing the keyring application.
-HP
Reply to: