What I am trying to do is run a command like gpg --verify "name of the signature file" "name of the file" should this be for example SHA1SUM.sign SHA1SUM in case of the files on the webpage https://cdimage.debian.org/debian-cd/current-live/amd64/bt-hybrid/ when I run this command I get the message Can't check signature: No public key Where can the public key be found.
semih ozlem <[email protected]>, 24 Tem 2020 Cum, 17:31 tarihinde şunu yazdı: > Hi > > I am writing because I was puzzled about part of the explanation on the > page > https://www.debian.org/CD/verify > > I do not understand from the given page how to use .sign files and gpg in > order to check verify the authenticity of debian cds. I understand the part > with using sha256sum or sha512sum or md5sum to check whether the files were > downloaded correctly. > > What I do not understand is, should one download keys from debian > keyserver and/or use the files with extension .sign and gpg to perform some > sort of verification. If so what are the steps that should be taken to do > this step. > Also where should one find uids or ids of keys to receive from the > keyserver to check specifically latest debian isos. > > Thank you in advance for your help. And it would be wonderful if the > webpage states these steps. >
