[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Help: debian-12.10.0-amd64-netinst.iso autenticity test

Hi,

Pier Antonio Corradini wrote:
> Autenticity control (gpg --verify SHA512SUMS.sign SHA512SUMS.txt):
> [...]
> gpg:                utilizzando la chiave RSA DF9B9C49EAA9298432589D76DA87E80D6294BE9B
> gpg: Firma BAD da "Debian CD signing key <debian-cd@lists.debian.org>"

I assume that "Firma BAD" means bad signature.

I get a different result:

  wget https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/SHA512SUMS
  wget https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/SHA512SUMS.sign
  gpg --verify SHA512SUMS.sign SHA512SUMS

yields

  gpg: Good signature from "Debian CD signing key <debian-cd@lists.debian.org>"

The MD5 and SHA512 sum of SHA512SUMS are
  ad6d99aab91a4ec4d3293afc0dfbd95d
  36bf1f16bc4b9795122b7b3542a32f34c3be0ef294ff3a8bf43232df6554b69b569fe15d93c79ee48a47902e1a6ad87ca9966988cd4bf9db684f7dd7eda7813a

The ones of SHA512SUMS.sign are
  fb3d950c9472f35bd06add950ccfe991
  0095bd988c97a7bd0400704ffd3d0fe64a33057b5eaed7530973fac4e039cc366bc5c144413cdb48a591fa5a5d9bd8240721d797964ca453b5981d90ed8e1a13

So which one of your downloaded SHA512SUMS* files deviates from these ?


Have a nice day :)

Thomas
Reply to: