Results 1 to 2 of 2

Thread: Issues with download verification

  1. #1
    Join Date
    2016-Apr
    Posts
    1

    Issues with download verification

    I'm completely new here. I have tried to verify my download and because the output is not totally identical to the worked example on the download page and because I'm not 100% sure of how verification works I cannot be sure that eveything is OK. I have posted my output below and hopefully someone can explain the extra warnings and messages saying "no ultimately trusted keys found" and "this key is not certified with trusted signature"

    How do I know which exceptions to ignore?

    user500@HHJJKL /media/user500/USB Stick $ wget -q -O - https://www.kali.org/archive-key.asc | gpg --importgpg: directory `/home/user500/.gnupg' created
    gpg: new configuration file `/home/user500/.gnupg/gpg.conf' created
    gpg: WARNING: options in `/home/user500/.gnupg/gpg.conf' are not yet active during this run
    gpg: keyring `/home/user500/.gnupg/secring.gpg' created
    gpg: keyring `/home/user500/.gnupg/pubring.gpg' created
    gpg: /home/user500/.gnupg/trustdb.gpg: trustdb created
    gpg: key 7D8D0BF6: public key "Kali Linux Repository <[email protected]>" imported
    gpg: Total number processed: 1
    gpg: imported: 1 (RSA: 1)
    user500@HHJJKL /media/user500/USB Stick $ gpg --keyserver hkp://keys.gnupg.net --recv-key 7D8D0BF6
    gpg: requesting key 7D8D0BF6 from hkp server keys.gnupg.net
    gpg: key 7D8D0BF6: "Kali Linux Repository <[email protected]>" 54 new signatures
    gpg: no ultimately trusted keys found
    gpg: Total number processed: 1
    gpg: new signatures: 54
    user500@HHJJKL /media/user500/USB Stick $ gpg --list-keys --with-fingerprint 7D8D0BF6
    pub 4096R/7D8D0BF6 2012-03-05 [expires: 2018-02-02]
    Key fingerprint = 44C6 513A 8E4F B3D3 0875 F758 ED44 4FF0 7D8D 0BF6
    uid Kali Linux Repository <[email protected]>
    sub 4096R/FC0D0DCB 2012-03-05 [expires: 2018-02-02]

    user500@HHJJKL /media/user500/USB Stick $ gpg --verify SHA1SUMS.gpg SHA1SUMS
    gpg: Signature made Tue 22 Mar 2016 09:41:12 GMT using RSA key ID 7D8D0BF6
    gpg: Good signature from "Kali Linux Repository <[email protected]>"
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg: There is no indication that the signature belongs to the owner.
    Primary key fingerprint: 44C6 513A 8E4F B3D3 0875 F758 ED44 4FF0 7D8D 0BF6
    user500@HHJJKL /media/user500/USB Stick $ sha1sum kali-linux-2016.1-amd64.iso
    deaa41c5c8f26b7854cafb34b6f1b567871c4875 kali-linux-2016.1-amd64.iso
    user500@HHJJKL /media/user500/USB Stick $

  2. #2
    Join Date
    2013-Apr
    Location
    Kali forums
    Posts
    805
    Looks like the signature was fine from the Kali repos. I'm no gpg expert, but I'd say the "no ultimately trusted keys found" error means your root key is not trusted. There's probably a gpg utility to set your own root key to trusted.

Similar Threads

  1. NetHunterStore apk gpg verification
    By se7enge in forum Installing NetHunter
    Replies: 0
    Last Post: 2021-04-27, 23:26
  2. Query on the download verification
    By SJK in forum Installing Archive
    Replies: 1
    Last Post: 2021-01-14, 15:30
  3. Issues at Download
    By gilto in forum Installing Archive
    Replies: 0
    Last Post: 2020-05-27, 08:35
  4. Atheros TL-WN722n Download and Deinitilization Issues
    By Merchant in forum General Archive
    Replies: 9
    Last Post: 2017-04-05, 09:17
  5. Having issues trying to download Kali Linux 2.0
    By Steve.Todd in forum General Archive
    Replies: 1
    Last Post: 2015-08-15, 22:06

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •