Hi , I have read this post https://forums.kali.org/showthread.p...SHA1SUMS-issue and I followed the same steps (for kali 1.0.7) and Got the same results
Well I downloaded the .iso from the torrent file of kali's website(http://cdimage.kali.org/kali-1.0.7/k...-amd64.torrent) ,then I downloaded the Both files (SHA1SUMS and SHA1SUMS.gpg) from this urls:
http://cdimage.kali.org/kali-1.0.7/SHA1SUMS
http://cdimage.kali.org/kali-1.0.7/SHA1SUMS.gpg
Well my questions are :
after I executed this command:
gpg --verify SHA1SUMS.gpg SHA1SUMS
I got the message:
(well my laptop is set up in spanish language)Code:gpg: Firmado el mar 27 may 2014 08:39:38 BOT usando clave RSA ID 7D8D0BF6 gpg: Firma correcta de "Kali Linux Repository <[email protected]>" gpg: ATENCIÓN: ¡Esta clave no está certificada por una firma de confianza! gpg: No hay indicios de que la firma pertenezca al propietario. Huellas dactilares de la clave primaria: 44C6 513A 8E4F B3D3 0875 F758 ED44 4FF0 7D8D 0BF6
Well my questions is ,how this guarante me the iso file has not been modified for someelse? if I am verifying only the files SHA1SUMS and SHA1SUMS.gpg that I downloaded from the kali's website,so what is the relationship with the .iso image?
PLease help me I dont understand this
Thanks
