GPG Keys and SHA1SUMS issue

**mrembedded** · 2013-03-14

Hi All,

I am downloading the latest image from:

http://archive-5.kali.org/kali-image...-1.0-amd64.iso

I have also downloaded:
http://archive-5.kali.org/kali-images/SHA1SUMS.gpg
http://archive-5.kali.org/kali-images/SHA1SUMS

But when I try to validate I get this:

Code:

root@test:/root$ gpg --verify SHA1SUMS.gpg SHA1SUMS
gpg: Signature made Tue 12 Mar 2013 05:52:40 PM EDT using RSA key ID 7D8D0BF6
gpg: Good signature from "Kali Linux Repository <[email protected]>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 44C6 513A 8E4F B3D3 0875  F758 ED44 4FF0 7D8D 0BF6

Am I doing something wrong here?

**erhardm** · 2013-03-14

Everything is fine. It just says "The file is signed with this signature, but how do you know that this signature belongs to the kali devs?"
If you add the signature in your gpg then this warning will go away.

Regards

**mrembedded** · 2013-03-14

I did import the signature first:

Code:

wget -q -O - http://archive.kali.org/archive-key.asc | gpg --import

No errors.

Thread: GPG Keys and SHA1SUMS issue

Thread Tools

Search Thread

Display

GPG Keys and SHA1SUMS issue

Similar Threads

BAD Signature verifying the SHA1SUMS for the latest weekly release (2016-12-04)

Need help: Something wrong while verifying SHA1SUMS

SHA1SUMS.gpg

Verifying SHA1SUMS

Tags for this Thread

Posting Permissions