Results 1 to 3 of 3

Thread: Issues with verifying downloaded image

  1. #1
    Join Date

    Issues with verifying downloaded image

    I'm completely new here. I am currently using Windows 10 OS to download Kali image on. I have downloaded image from official kali download page here

    I have tried to verify my download and because the output is not totally identical to the example on the download page and because I'm not 100% sure of how verification works I cannot be sure that if everything is OK.

    I have posted my output below and used blue font for the portion which doesn't match with what is expected as per download page instructions.
    Can someone please explain if the download is correct or verification needs changes? I tried the same by downloading couple of times with same results.

    I am using gpg4win latest 3.x version.

    > gpg --keyserver hkp:// --recv-key 7D8D0BF6
    key ED444FF07D8D0BF6:
    119 signatures not checked due to missing keys
    gpg: key ED444FF07D8D0BF6: "Kali Linux Repository <>" 120 new signatures
    gpg: no ultimately trusted keys found
    gpg: Total number processed: 1
    gpg:         new signatures: 120
    > gpg --fingerprint 7D8D0BF6
    pub   rsa4096 2012-03-05 [SC] [expires: 2018-02-02]
          44C6 513A 8E4F B3D3 0875  F758 ED44 4FF0 7D8D 0BF6
    uid           [ unknown] Kali Linux Repository <>
    sub   rsa4096 2012-03-05 [E] [expires: 2018-02-02]

    > gpg --verify .\SHA256SUMS.gpg .\SHA256SUMS
    gpg: Signature made 09/18/17 14:50:52 Eastern Daylight Time
    gpg:                using RSA key ED444FF07D8D0BF6
    gpg: Good signature from "Kali Linux Repository <>" [unknown]
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg:          There is no indication that the signature belongs to the owner.
    Primary key fingerprint: 44C6 513A 8E4F B3D3 0875  F758 ED44 4FF0 7D8D 0BF6
    Really need your help!


    PS: Does this question belong to 'Installing Kali Linux' which says it's for 'Issues with hard disk or network installs or downloading Kali? post them here.' ? I am new here and don't know if posting this question there would get at least some replies? Thanks!
    Last edited by nan0kali; 2017-10-18 at 00:02.

  2. #2
    Join Date
    Seriously? Two months and no responses to this? Absolutely ridiculous. I know that somebody has an answer. I also know that nan0kali and I aren't the only two who are experiencing this issue on Windows. I also know that this issue has been ongoing for at least several months - it happened to me the last time that I tried verifying a Kali image.

    What's the solution?

  3. #3
    Join Date
    I don't think there is anything wrong with the output posted by the OP.
    I'm not a PGP/GPG expert but this chapter from the Kali Revealed book tells me to expect those black lines in the output of the OP and it confirms that the sha file is genuine:

    This GPG manual

    seems to confirm that we should expect the output highlighted in blue and it explains the reasons.

    In summary, reading those resources, I understand that:

    - If we get the output that is marked black in the OP's output then everything is good and we can trust the SHA256 file
    - If we get the output that is marked in blue, then that does not mean that there is anything wrong; compare the fingerprint with the one published and we'll be fine

    Hope that helps

Similar Threads

  1. Replies: 5
    Last Post: 2015-08-15, 05:41
  2. problem with "Verifying Your Downloaded Kali Image"
    By foneyan in forum Installing Archive
    Replies: 0
    Last Post: 2015-04-22, 17:38
  3. Replies: 2
    Last Post: 2015-03-16, 16:38
  4. Downloaded Kali Image has Backtrack splash page??
    By polyphemus in forum Installing Archive
    Replies: 1
    Last Post: 2014-01-11, 20:27

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts