how to verify the signature of version 3.1
237 views
Skip to first unread message
worm...@gmail.com
May 4, 2016, 8:53:45 PM5/4/16
to qubes-users
Hi, I was trying to verify my download as its explained in the steps here:
https://www.qubes-os.org/doc/verifying-signatures/
But at this part:
For example: Qubes OS Release 2 Signing Key (0x0A40E458) is used for all Release 2 ISO images.
In the code, it gives the command
$ gpg --recv-keys 0x3F01DEF49719158EF86266F80C73B9D40A40E458
which is for the keys of the 2.0 version
How do I add the key for the 3.0?
In the end, it says:
You can also download all the currently used developers’ signing keys and current and older release signing keys (and also a copy of the Qubes Master Signing Key) from the keys directory on our server and from the Qubes Security Pack.
But when I enter, its an .asc file, which i already have with my downloaded torrent and that won't get verified when I run the last command on the tutorial
https://www.qubes-os.org/doc/verifying-signatures/
But at this part:
For example: Qubes OS Release 2 Signing Key (0x0A40E458) is used for all Release 2 ISO images.
In the code, it gives the command
$ gpg --recv-keys 0x3F01DEF49719158EF86266F80C73B9D40A40E458
which is for the keys of the 2.0 version
How do I add the key for the 3.0?
In the end, it says:
You can also download all the currently used developers’ signing keys and current and older release signing keys (and also a copy of the Qubes Master Signing Key) from the keys directory on our server and from the Qubes Security Pack.
But when I enter, its an .asc file, which i already have with my downloaded torrent and that won't get verified when I run the last command on the tutorial
Andrew David Wong
May 5, 2016, 4:18:57 AM5/5/16
to worm...@gmail.com, qubes-users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 2016-05-04 17:53, worm...@gmail.com wrote:
> Hi, I was trying to verify my download as its explained in the
> steps here:
>
> https://www.qubes-os.org/doc/verifying-signatures/
>
> But at this part:
>
> For example: Qubes OS Release 2 Signing Key (0x0A40E458) is used
> for all Release 2 ISO images.
>
> In the code, it gives the command
>
> $ gpg --recv-keys 0x3F01DEF49719158EF86266F80C73B9D40A40E458
>
> which is for the keys of the 2.0 version
>
> How do I add the key for the 3.0?
>
You can fetch it from our website like this:
$ gpg --fetch \
https://keys.qubes-os.org/keys/qubes-release-3-signing-key.asc
or from a public key server like this:
$ gpg --recv 0xC52261BE0A823221D94CA1D1CB11CA1D03FA5082
> In the end, it says:
>
> You can also download all the currently used developers’ signing
> keys and current and older release signing keys (and also a copy of
> the Qubes Master Signing Key) from the keys directory on our server
> and from the Qubes Security Pack.
>
>
> But when I enter, its an .asc file, which i already have with my
> downloaded torrent and that won't get verified when I run the last
> command on the tutorial
>
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCgAGBQJXKwHWAAoJENtN07w5UDAws98QAKtzgMqmCA9MF4AO4wlRXZls
z+9uuClnTWDt1Jf4no8MtKbJjCD3Vym1MxKfWl6YFeHdE6SIusDh/wxZ7IvrL8I5
CXHhK4V66TvgoY1QTYnqIfmAge9OjzwU2wxX7q3uUDqvta7UPIdSjuV9XczYv4Je
Kl/guaUM3JXiIQUUSBEn+JahbYXjTw1pfMTp4gtfvvFVapQPtcZhTKimInet2FNJ
L6ssd/zDREERQOdDELJsLUcJGbziq399VkED9RXQgbvLeMT8AXCjete2RLJDCxJw
yUwr1YHyQjyI1HQMQzu0PAKdG8oM7cv09vm6r9DEnNR4AmEmcdV5htG0DYrD5ymm
I77ejp3sqGqRlwV4EPKUGQoBuyM/D06kHyomfOiM1BUqVGMNlB3cxbf3EWkobVfq
55kJ4hZY8AzxC2LifKvl2nzUuZTASXdgA3rXlXaI54+3z/gUNdpxFXbMzShVLKlU
lNkg1WxkFM6usFs345RPpXd3fYN40bKZ3o+pBCO3TMVjb6RbAPJTg2oMyI5/TI8S
BhjuMVedZZU91C+OUfsX2+PKXI3PGfec7BJdmGdEbjZzPAaUQPf8NOT5fC2VvIMY
bTBuYAkKzfn40FICGI07BMzkqV8k4eifuymH0k/iVwGHQk3kS7aNtHOnut5pkHMd
22i67UPp4710QJTndyi7
=1jLm
-----END PGP SIGNATURE-----
Hash: SHA512
On 2016-05-04 17:53, worm...@gmail.com wrote:
> Hi, I was trying to verify my download as its explained in the
> steps here:
>
> https://www.qubes-os.org/doc/verifying-signatures/
>
> But at this part:
>
> For example: Qubes OS Release 2 Signing Key (0x0A40E458) is used
> for all Release 2 ISO images.
>
> In the code, it gives the command
>
> $ gpg --recv-keys 0x3F01DEF49719158EF86266F80C73B9D40A40E458
>
> which is for the keys of the 2.0 version
>
> How do I add the key for the 3.0?
>
$ gpg --fetch \
https://keys.qubes-os.org/keys/qubes-release-3-signing-key.asc
or from a public key server like this:
$ gpg --recv 0xC52261BE0A823221D94CA1D1CB11CA1D03FA5082
> In the end, it says:
>
> You can also download all the currently used developers’ signing
> keys and current and older release signing keys (and also a copy of
> the Qubes Master Signing Key) from the keys directory on our server
> and from the Qubes Security Pack.
>
>
> But when I enter, its an .asc file, which i already have with my
> downloaded torrent and that won't get verified when I run the last
> command on the tutorial
>
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCgAGBQJXKwHWAAoJENtN07w5UDAws98QAKtzgMqmCA9MF4AO4wlRXZls
z+9uuClnTWDt1Jf4no8MtKbJjCD3Vym1MxKfWl6YFeHdE6SIusDh/wxZ7IvrL8I5
CXHhK4V66TvgoY1QTYnqIfmAge9OjzwU2wxX7q3uUDqvta7UPIdSjuV9XczYv4Je
Kl/guaUM3JXiIQUUSBEn+JahbYXjTw1pfMTp4gtfvvFVapQPtcZhTKimInet2FNJ
L6ssd/zDREERQOdDELJsLUcJGbziq399VkED9RXQgbvLeMT8AXCjete2RLJDCxJw
yUwr1YHyQjyI1HQMQzu0PAKdG8oM7cv09vm6r9DEnNR4AmEmcdV5htG0DYrD5ymm
I77ejp3sqGqRlwV4EPKUGQoBuyM/D06kHyomfOiM1BUqVGMNlB3cxbf3EWkobVfq
55kJ4hZY8AzxC2LifKvl2nzUuZTASXdgA3rXlXaI54+3z/gUNdpxFXbMzShVLKlU
lNkg1WxkFM6usFs345RPpXd3fYN40bKZ3o+pBCO3TMVjb6RbAPJTg2oMyI5/TI8S
BhjuMVedZZU91C+OUfsX2+PKXI3PGfec7BJdmGdEbjZzPAaUQPf8NOT5fC2VvIMY
bTBuYAkKzfn40FICGI07BMzkqV8k4eifuymH0k/iVwGHQk3kS7aNtHOnut5pkHMd
22i67UPp4710QJTndyi7
=1jLm
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages