Results 1 to 3 of 3

Thread: BAD Signature verifying the SHA1SUMS for the latest weekly release (2016-12-04)

  1. #1
    Join Date
    2016-Nov
    Posts
    8

    Exclamation BAD Signature verifying the SHA1SUMS for the latest weekly release (2016-12-04)

    Hello all,

    Was following the referred steps for downloading and verifying the downloaded ISO and SHA1SUMS file with the hashes. I tried downloading twice the files from http://cdimage.kali.org/kali-weekly/ (SHA1SUMS, SHA1SUMS.gpg and the ISO) and running gpg --verify SHA1SUMS.gpg SHA1SUMS which outputs the following message:
    gpg: Signature made Sun 04 Dec 2016 08:04:45 AM WET
    gpg: using RSA key ED444FF07D8D0BF6
    gpg: BAD signature from "Kali Linux Repository <devel@kali.org>" [unknown]


    Running the sha1sum on kali-linux-2016-W49-i386.iso I do get the following hash 8102154fc6c7e33e5cb635e34c93f8a0e0852bc5 (which matches the one on the SHA1SUMS file, but with a BAD signature, how can I actually verify that this hash I'm matching against isn't bogus?

    Kind regards

  2. #2
    Join Date
    2016-Nov
    Posts
    8
    Quick note: actually the SHA1SUMS file I was downloading was from https://archive.kali.org/kali-images...eekly/SHA1SUMS and not from http://cdimage.kali.org/kali-weekly/
    The one from http://cdimage.kali.org/kali-weekly/ does get a Good signature.
    The one from https://archive.kali.org/kali-images...eekly/SHA1SUMS (as instructed on the main download page) gets the Bad signature.

    I guess the files can then be verified, but nevertheless may be worth checking out why both SHA1SUMS file aren't matching.
    Cheers

  3. #3
    Join Date
    2016-Dec
    Posts
    1
    I get the same unknown when running gpg --list-keys --with-fingerprint 7D8D0BF6

    pub 4096R/7D8D0BF6 2012-03-05 [expires: 2018-02-02]
    Key fingerprint = 44C6 513A 8E4F B3D3 0875 F758 ED44 4FF0 7D8D 0BF6
    uid [ unknown] Kali Linux Repository <devel@kali.org>
    sub 4096R/FC0D0DCB 2012-03-05 [expires: 2018-02-02]

Similar Threads

  1. Kali 2016.2 cat /etc/*release reports OS is 2016.1
    By william tell in forum General Archive
    Replies: 2
    Last Post: 2017-02-02, 16:52
  2. Need help: Something wrong while verifying SHA1SUMS
    By rakzrodx in forum Installing Archive
    Replies: 2
    Last Post: 2016-10-01, 18:17
  3. Verifying SHA1SUMS
    By Djenu in forum Installing Archive
    Replies: 2
    Last Post: 2015-11-06, 08:55
  4. issue upgrading 1.0.9 32 bit to latest release 1.1.0
    By alejandroguerrat in forum TroubleShooting Archive
    Replies: 2
    Last Post: 2015-04-15, 13:32
  5. Kali did not upgrade to the latest release
    By Ain Devonshire in forum TroubleShooting Archive
    Replies: 6
    Last Post: 2015-04-13, 17:51

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •