Re: gpg says no user ID

[Thomas George <debianlist@mailfence.com>]

I am giving up and will proceed with the netinst. Thanks everyone for 
the many helpful comments and recommendations.

I stripped the spaces from the fingerprint and equated it RSA key. They 
matched. So every thing is correct until the last step

Dragonette:/home/tom/Downloads/debian# gpg2 --verify SHA512SUMS.sign.txt 
debian-11.5.0-amd64-netinst.iso
gpg: Signature made Sat 10 Sep 2022 07:00:08 PM EDT
gpg:                using RSA key DF9B9C49EAA9298432589D76DA87E80D6294BE9B
gpg: BAD signature from "Debian CD signing key 
<debian-cd@lists.debian.org>" [unknown]

Note: I used SHA512SUMS.sign.txt and SHA512SUMS.txt in all the previous 
successful verifications as that it is the way they were downloaded from 
the Debian site.

Tom George

On 11/16/22 10:19, Thomas Schmitt wrote:
> Hi,
>
> i managed to produce a rare self-misattribution by copy+paste:
>
> -------------------------------------------------------------------------
> the program gpg writes about the Debian CD signing key DA87E80D6294BE9B :
> > > > WARNING: This key is not certified with a trusted signature!
> > > > There is no indication that the signature belongs to the owner
> I wrote:
> > > This is a security usability problem. How is a non-expert to know that
> > > this warning can be ignored, while others must be tended to?
> Jeffrey Walton wrote:
> > This is a security usability problem. How is a non-expert to know that
> > this warning can be ignored, while others must be tended to?
> -------------------------------------------------------------------------
>
> My part should of course have been different from Jeffrey Walton's:
>
>    I wrote:
>    > > The warning is normal with the Debian keys and can be ignored.
>
>
> Have a nice day :)
>
> Thomas