Re: Verifying authenticity of Debian CDs

To: debian-user@lists.debian.org
Subject: Re: Verifying authenticity of Debian CDs
From: john doe <johndoe65534@mail.com>
Date: Fri, 24 Jul 2020 18:02:21 +0200
Message-id: <[🔎] d7fca15c-e18b-4e05-42bc-b46959d7d9b6@mail.com>
In-reply-to: <[🔎] CAFi06wcen4BspjTo9nU4vUere9w09z-4OtOgttJL3wGD80Toqg@mail.gmail.com>
References: <[🔎] CAFi06wcen4BspjTo9nU4vUere9w09z-4OtOgttJL3wGD80Toqg@mail.gmail.com>

On 7/24/2020 5:50 PM, Semih Ozlem wrote:

On the web page
https://www.debian.org/CD/verify
I am trying to follow the next paragraph.
"To ensure that the checksums files themselves are correct, use GnuPG to
verify them against the accompanying signature files (e.g. SHA512SUMS.sign).
The keys used for these signatures are all in the Debian GPG keyring
<https://keyring.debian.org> and the best way to check them is to use that
keyring to validate via the web of trust."

when I run the command
gpg --verify SHAxSUM.sign SHAxSUM
I get a message saying that

Can't check signature: No public key

How should I proceed to get the necessary public key.
I tried following the link on this page to https://keyring.debian.org/
but I was not able to follow what to do. I tried simple copy and paste of
commands on this page, or their small variants, but was not able to get any
results.

Can someone help please


If you have internet access, give a shot to the below command:

$ gpg --keyserver-options auto-key-retrieve verify SHA512SUMS.sign
SHA512SUMS

Assuming that it works, the next command will be:

$ sha512sum --strict --ignore-missing -c SHA512SUMS

--
John Doe

Reply to:

References:
- Verifying authenticity of Debian CDs
  - From: Semih Ozlem <semihozlemlinuxuser@gmail.com>

Prev by Date: Re: Error while trying to install openssh-server on Buster
Next by Date: Re: Verifying authenticity of Debian CDs
Previous by thread: Verifying authenticity of Debian CDs
Next by thread: Re: Verifying authenticity of Debian CDs
Index(es):
- Date
- Thread