[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: gpg says no user ID

Hi,

Thomas George wrote:
>  I am going to erase every thing I have done and start over.

There's no need for starting over. The SHA512SUM file is meanwhile
authenticated by your run of:

> > gpg2 --verify SHA512SUMS.sign SHA512SUMS
> > [...]
> >   gpg: Good signature from "Debian CD signing key <debian-cd@lists.debian.org>" [unknown]
> > [...]
> > ...gpg: WARNING: This key is not certified with a trusted signature!
> > ......There is no indication that the signature belongs to the owner
> > ...Primary key fingerprint: DF9B9C49EAA9298432589D76DA87E80D6294BE9B

The warning is normal with the Debian keys and can be ignored.

Important is the key fingerprint, which is published on
  https://www.debian.org/CD/verify
as
  Key fingerprint = DF9B 9C49 EAA9 2984 3258  9D76 DA87 E80D 6294 BE9B

I would leave it to copy+paste and the computer to compare the strings.
Remove the blanks from the published number:

  echo "DF9B 9C49 EAA9 2984 3258  9D76 DA87 E80D 6294 BE9B" | sed -e 's/ //g'

which will respond by

  DF9B9C49EAA9298432589D76DA87E80D6294BE9B

Copy+paste the result and the string reported by gpg --verify to a
comparison command:

  test DF9B9C49EAA9298432589D76DA87E80D6294BE9B = DF9B9C49EAA9298432589D76DA87E80D6294BE9B && echo MATCH

which responds by

  MATCH

----------------------------------------------------------------------

So now you only have to verify the SHA512 checksum of the ISO by

  sha512sum -c SHA515SUMS

and watching out for the response

  debian-11.5.0-amd64-netinst.iso: OK


Have a nice day :)

Thomas
Reply to: