Issues with download verification

[kuser294]

I'm completely new here. I have tried to verify my download and because the output is not totally identical to the worked example on the download page and because I'm not 100% sure of how verification works I cannot be sure that eveything is OK. I have posted my output below and hopefully someone can explain the extra warnings and messages saying "no ultimately trusted keys found" and "this key is not certified with trusted signature"

How do I know which exceptions to ignore?

user500@HHJJKL /media/user500/USB Stick $ wget -q -O - https://www.kali.org/archive-key.asc | gpg --importgpg: directory `/home/user500/.gnupg' created
gpg: new configuration file `/home/user500/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/user500/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/user500/.gnupg/secring.gpg' created
gpg: keyring `/home/user500/.gnupg/pubring.gpg' created
gpg: /home/user500/.gnupg/trustdb.gpg: trustdb created
gpg: key 7D8D0BF6: public key "Kali Linux Repository <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
user500@HHJJKL /media/user500/USB Stick $ gpg --keyserver hkp://keys.gnupg.net --recv-key 7D8D0BF6
gpg: requesting key 7D8D0BF6 from hkp server keys.gnupg.net
gpg: key 7D8D0BF6: "Kali Linux Repository <[email protected]>" 54 new signatures
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: new signatures: 54
user500@HHJJKL /media/user500/USB Stick $ gpg --list-keys --with-fingerprint 7D8D0BF6
pub 4096R/7D8D0BF6 2012-03-05 [expires: 2018-02-02]
Key fingerprint = 44C6 513A 8E4F B3D3 0875 F758 ED44 4FF0 7D8D 0BF6
uid Kali Linux Repository <[email protected]>
sub 4096R/FC0D0DCB 2012-03-05 [expires: 2018-02-02]

user500@HHJJKL /media/user500/USB Stick $ gpg --verify SHA1SUMS.gpg SHA1SUMS
gpg: Signature made Tue 22 Mar 2016 09:41:12 GMT using RSA key ID 7D8D0BF6
gpg: Good signature from "Kali Linux Repository <[email protected]>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 44C6 513A 8E4F B3D3 0875 F758 ED44 4FF0 7D8D 0BF6
user500@HHJJKL /media/user500/USB Stick $ sha1sum kali-linux-2016.1-amd64.iso
deaa41c5c8f26b7854cafb34b6f1b567871c4875 kali-linux-2016.1-amd64.iso
user500@HHJJKL /media/user500/USB Stick $

[grid]

Looks like the signature was fine from the Kali repos. I'm no gpg expert, but I'd say the "no ultimately trusted keys found" error means your root key is not trusted. There's probably a gpg utility to set your own root key to trusted.