Unable to generate genuine key as stated in Kali Linux Revealed book which is 0xED444FF07D8D0BF6
Each and evry download size bigger than the stated size on https://www.kali.org/downloads/
Missing 0x in my generated key and i'm getting
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 44C6 513A 8E4F B3D3 0875 F758 ED44 4FF0 7D8D 0BF6
and
root@kali:/media/root/16Gbext4# grep kali-linux-light-2018.4-i386.iso | sha256sum -c
does not echo ok
__________________________________________________ __________________________________________________ ______________________

root@kali:/media/root/16Gbext4# wget -q -O - https://www.kali.org/archive-key.asc | gpg --import
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key ED444FF07D8D0BF6: public key "Kali Linux Repository <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
root@kali:/media/root/16Gbext4# gpg --fingerprint 7D8D0BF6
pub rsa4096 2012-03-05 [SC] [expires: 2021-02-03]
44C6 513A 8E4F B3D3 0875 F758 ED44 4FF0 7D8D 0BF6
uid [ unknown] Kali Linux Repository <[email protected]>
sub rsa4096 2012-03-05 [E] [expires: 2021-02-03]

root@kali:/media/root/16Gbext4# wget http://cdimage.kali.org/current/SHA256SUMS
--2018-11-29 10:44:13-- http://cdimage.kali.org/current/SHA256SUMS
Resolving cdimage.kali.org (cdimage.kali.org)... 192.99.200.113
Connecting to cdimage.kali.org (cdimage.kali.org)|192.99.200.113|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://kali.cs.nctu.edu.tw/kali-images/kali-2018.4/SHA256SUMS [following]
--2018-11-29 10:44:14-- http://kali.cs.nctu.edu.tw/kali-images/kali-2018.4/SHA256SUMS
Resolving kali.cs.nctu.edu.tw (kali.cs.nctu.edu.tw)... 140.113.17.5
Connecting to kali.cs.nctu.edu.tw (kali.cs.nctu.edu.tw)|140.113.17.5|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 982 [application/octet-stream]
Saving to: ?SHA256SUMS?

SHA256SUMS 100%[===================>] 982 --.-KB/s in 0.1s

2018-11-29 10:44:15 (7.97 KB/s) - ?SHA256SUMS? saved [982/982]

root@kali:/media/root/16Gbext4# wget http://cdimage.kali.org/current/SHA256SUMS.gpg
--2018-11-29 10:44:22-- http://cdimage.kali.org/current/SHA256SUMS.gpg
Resolving cdimage.kali.org (cdimage.kali.org)... 192.99.200.113
Connecting to cdimage.kali.org (cdimage.kali.org)|192.99.200.113|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://kali.cs.nctu.edu.tw/kali-images/kali-2018.4/SHA256SUMS.gpg [following]
--2018-11-29 10:44:22-- http://kali.cs.nctu.edu.tw/kali-images/kali-2018.4/SHA256SUMS.gpg
Resolving kali.cs.nctu.edu.tw (kali.cs.nctu.edu.tw)... 140.113.17.5
Connecting to kali.cs.nctu.edu.tw (kali.cs.nctu.edu.tw)|140.113.17.5|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 833 [application/octet-stream]
Saving to: ?SHA256SUMS.gpg?

SHA256SUMS.gpg 100%[===================>] 833 --.-KB/s in 0.02s

2018-11-29 10:44:22 (41.3 KB/s) - ?SHA256SUMS.gpg? saved [833/833]

root@kali:/media/root/16Gbext4# gpg --verify SHA256SUMS.gpg SHA256SUMS
gpg: Signature made Mon 29 Oct 2018 07:16:19 AM UTC
gpg: using RSA key 44C6513A8E4FB3D30875F758ED444FF07D8D0BF6
gpg: Good signature from "Kali Linux Repository <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 44C6 513A 8E4F B3D3 0875 F758 ED44 4FF0 7D8D 0BF6

root@kali:/media/root/16Gbext4# grep kali-linux-light-2018.4-i386.iso | sha256sum -c

You have a missing parameter in the grep command: the name of the file to grep: SHA256SUMS -> grep kali-linux-light-2018.4-i386.iso SHA256SUMS | sha256sum -c

Thank you but that only answers 1 out of 4 questions.How about the size of the downloaded file which always doesn't match and the .iso verification key which doesn't match 0xED444FF07D8D0BF6 (I'm getting ED444FF07D8D0BF6) .Kali Linux Reaveled book say even slight compromised of .iso will mismatch the original key.

Sorry, the post wasn't organized so I thought it was just one question.

Regarding the missing '0x', it's unimportant. It matches. 0x is SOMETIMES used to prefix hex characters to avoid confusion.

Regarding the size, I checked and don't see any difference, could you point out what is the issue there?

What's the last question?

Thank u again.The last question which supposed to be the major is "gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 44C6 513A 8E4F B3D3 0875 F758 ED44 4FF0 7D8D 0B" and I even dough if this forum is compromised as well to compare with user population of Kali in India itself could rocked the Threads 10x it is now.Im sorry if I'm wrong

I will be organized with questions the next time since I'm new here.Thank u for understanding

You got the key over the internet which cannot be fully trusted. The only way you can fully trust is if you meet in person. However, it says "Good signature from "Kali Linux Repository <[email protected]>" [unknown]" which means that as long as you trust that key, then it is good.

...ggwp...