Hello all,
Was following the referred steps for downloading and verifying the downloaded ISO and SHA1SUMS file with the hashes. I tried downloading twice the files from http://cdimage.kali.org/kali-weekly/ (SHA1SUMS, SHA1SUMS.gpg and the ISO) and running gpg --verify SHA1SUMS.gpg SHA1SUMS which outputs the following message:
gpg: Signature made Sun 04 Dec 2016 08:04:45 AM WET
gpg: using RSA key ED444FF07D8D0BF6
gpg: BAD signature from "Kali Linux Repository <[email protected]>" [unknown]
Running the sha1sum on kali-linux-2016-W49-i386.iso I do get the following hash 8102154fc6c7e33e5cb635e34c93f8a0e0852bc5 (which matches the one on the SHA1SUMS file, but with a BAD signature, how can I actually verify that this hash I'm matching against isn't bogus?
Kind regards