Gpg: There is no indication that the signature belongs to the owner. Gpg: WARNING: This key is not certified with a trusted signature! Verifying the signature and it should be a good one. Now you can check that the checksum file has not been tampered by Gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model Gpg: key 6294BE9B: public key "Debian CD signing key " imported Gpg: requesting key 6294BE9B from hkp server The public key to import which in this case is 6294BE9B, so import the Then you already have the Debian public key, otherwise you need toĭownload it from the Debian keyring server.įrom the output of the previous command command you can get the ID of Gpg: Good signature from "Debian CD signing key " Gpg: Can't check signature: public key not found Gpg: Signature made Sun 02:32:31 CEST using RSA key ID 6294BE9B Gpg: assuming signed data in `SHA512SUMS' Probably the Debian CD public key is not available on your system, That some mirrors may not be up to date, in this case you can useįirst, you verify the authenticity of the actual SHA512SUMS checksumįile which will be used to verify the content of the Debian ISO image. Download a Debian ISO imageĭownload the ISO image and its signed checksum files from one of the
Here I will explain to you how to do these checks by using
that the ISO image checksum matches the one expected from the checksum file.
that the checksum file has not been tampered with, and.When you download an official release of Debian ISO image, you can use the signed checksum files that come with it to validate that the images you download are correct. Stable distribution Debian 9 (codename stretch). UPDATE - : The Debian team released the fourth update of its
0 kommentar(er)
