PDA

View Full Version : GPG Keys and SHA1SUMS issue



mrembedded
2013-03-14, 02:57
Hi All,

I am downloading the latest image from:

http://archive-5.kali.org/kali-images/kali-linux-1.0-amd64.iso

I have also downloaded:
http://archive-5.kali.org/kali-images/SHA1SUMS.gpg
http://archive-5.kali.org/kali-images/SHA1SUMS

But when I try to validate I get this:


root@test:/root$ gpg --verify SHA1SUMS.gpg SHA1SUMS
gpg: Signature made Tue 12 Mar 2013 05:52:40 PM EDT using RSA key ID 7D8D0BF6
gpg: Good signature from "Kali Linux Repository <devel@kali.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 44C6 513A 8E4F B3D3 0875 F758 ED44 4FF0 7D8D 0BF6


Am I doing something wrong here?

erhardm
2013-03-14, 14:36
Everything is fine. It just says "The file is signed with this signature, but how do you know that this signature belongs to the kali devs?"
If you add the signature in your gpg then this warning will go away.


Regards

mrembedded
2013-03-14, 18:02
I did import the signature first:


wget -q -O - http://archive.kali.org/archive-key.asc | gpg --import

No errors.