Results 1 to 3 of 3

Thread: GPG Keys and SHA1SUMS issue

  1. #1
    Join Date
    2013-Mar
    Posts
    2

    Question GPG Keys and SHA1SUMS issue

    Hi All,

    I am downloading the latest image from:

    http://archive-5.kali.org/kali-image...-1.0-amd64.iso

    I have also downloaded:
    http://archive-5.kali.org/kali-images/SHA1SUMS.gpg
    http://archive-5.kali.org/kali-images/SHA1SUMS

    But when I try to validate I get this:
    Code:
    root@test:/root$ gpg --verify SHA1SUMS.gpg SHA1SUMS
    gpg: Signature made Tue 12 Mar 2013 05:52:40 PM EDT using RSA key ID 7D8D0BF6
    gpg: Good signature from "Kali Linux Repository <devel@kali.org>"
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg:          There is no indication that the signature belongs to the owner.
    Primary key fingerprint: 44C6 513A 8E4F B3D3 0875  F758 ED44 4FF0 7D8D 0BF6
    Am I doing something wrong here?

  2. #2
    Join Date
    2013-Mar
    Posts
    1
    Everything is fine. It just says "The file is signed with this signature, but how do you know that this signature belongs to the kali devs?"
    If you add the signature in your gpg then this warning will go away.


    Regards

  3. #3
    Join Date
    2013-Mar
    Posts
    2
    I did import the signature first:

    Code:
    wget -q -O - http://archive.kali.org/archive-key.asc | gpg --import
    No errors.

Similar Threads

  1. Replies: 2
    Last Post: 2016-12-05, 13:14
  2. Need help: Something wrong while verifying SHA1SUMS
    By rakzrodx in forum Installing Archive
    Replies: 2
    Last Post: 2016-10-01, 18:17
  3. SHA1SUMS.gpg
    By 1zero1 in forum Installing Archive
    Replies: 3
    Last Post: 2016-05-27, 11:36
  4. Verifying SHA1SUMS
    By Djenu in forum Installing Archive
    Replies: 2
    Last Post: 2015-11-06, 08:55

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •