
Re: No Public Key



Hi,

Thomas George wrote:
> I thought to skip this step and tried
> gpg --verify SHA515SUMS.sign.txt debian-11.5.0-amd64-netinst.iso

That's not the right way.
SHA512SUMS.sign verifies SHA512SUMS
SHA512SUMS verifies debian-11.5.0-amd64-netinst.iso

The latter step can be done by this command in the directory where
SHA512SUMS and debian-11.5.0-amd64-netinst.iso have been downloaded:

  sha512sum -c SHA512SUMS

This is supposed to report:

  debian-11.5.0-amd64-netinst.iso: OK
  sha512sum: debian-edu-11.5.0-amd64-netinst.iso: No such file or directory
  debian-edu-11.5.0-amd64-netinst.iso: FAILED open or read
  sha512sum: debian-mac-11.5.0-amd64-netinst.iso: No such file or directory
  debian-mac-11.5.0-amd64-netinst.iso: FAILED open or read
  sha512sum: WARNING: 2 listed files could not be read

The errors and warnings are emitted because only one of the listed ISOs was
downloaded. Decisive is the line

  debian-11.5.0-amd64-netinst.iso: OK

----------------------------------------------------------------------

Having the necessary public keys, I get from the first verification step

  gpg --verify SHA512SUMS.sign SHA512SUMS

this report

  gpg: Signature made Sun 11 Sep 2022 01:00:08 AM CEST using RSA key ID 6294BE9B
  gpg: Good signature from "Debian CD signing key <debian-cd@lists.debian.org>"
  gpg: WARNING: This key is not certified with a trusted signature!
  gpg:          There is no indication that the signature belongs to the owner.
  Primary key fingerprint: DF9B 9C49 EAA9 2984 3258  9D76 DA87 E80D 6294 BE9B


Untested proposal:

If none of the methods given so far works for getting that public key, I
would try the link in line
  pub   rsa4096/DA87E80D6294BE9B 2011-01-05 [SC]
of
  https://www.debian.org/CD/verify

I.e.

  wget https://www.debian.org/CD/key-DA87E80D6294BE9B.txt

and then

  gpg --import key-DA87E80D6294BE9B.txt

(I will not try this gpg --import step here, out of superstition not to
change things which already work.
There are many web sites which show such examples. Like:
  https://linuxhint.com/export-import-keys-with-gpg/
)


Have a nice day :)

Thomas
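
Added example, not part of the message above: the two verification steps as shell functions that check only the downloaded ISO and accept the signature only when gpg reports the fingerprint printed in the report above. The function names are hypothetical, and the script assumes gpg, awk and sha512sum are installed and that the signing key has already been imported.

```shell
#!/bin/sh
# Added example; function names are hypothetical.
# Fingerprint copied from the gpg report in the message, spaces removed.
DEBIAN_CD_FPR="DF9B9C49EAA9298432589D76DA87E80D6294BE9B"

# Reads "gpg --status-fd" output on stdin. Succeeds only if a VALIDSIG
# line names the expected primary key fingerprint (its last field).
# "Good signature" alone is not enough when the key is not certified.
status_has_fpr() {
    awk -v want="$1" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && ($NF "") == (want "") { ok = 1 }
        END { exit !ok }'
}

# Step 1: SHA512SUMS.sign verifies SHA512SUMS.
# usage: verify_sums_signature SHA512SUMS.sign SHA512SUMS
verify_sums_signature() {
    gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null |
        status_has_fpr "$DEBIAN_CD_FPR"
}

# Step 2: SHA512SUMS verifies the ISO. Only the line for the named file
# is checked, so ISOs that were not downloaded produce no noise.
# Returns 2 if the file is not listed at all.
# usage: verify_listed_file /path/to/SHA512SUMS file.iso
verify_listed_file() {
    sums=$1 name=$2
    line=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f) } f == n' "$sums")
    [ -n "$line" ] || return 2
    ( cd "$(dirname "$sums")" &&
      printf '%s\n' "$line" | sha512sum -c - >/dev/null 2>&1 )
}

# Run both steps when called as: script SHA512SUMS.sign SHA512SUMS file.iso
if [ "$#" -eq 3 ]; then
    verify_sums_signature "$1" "$2" &&
        verify_listed_file "$2" "$3" &&
        echo "$3: signature and checksum OK"
fi
```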

