Hi, Semih Ozlem wrote: > Question 1... in checking the correctness of SHAxxSUM files on > debian-live-cd image downloads, using SHAxxSUM.sign files what are the steps > to take, and where can (if any) public key be found so that when running gpg > --verify SHAxxSUM.sign SHAxxSUM command the output no public key found is > replaced with some other message or response
Try this example https://wiki.debian.org/JigdoOnLive#Verify_the_Debian_Live_download (Replace the download URL and ISO name by the ISO URL and name in question.) If gpg --keyserver keyring.debian.org --verify SHA512SUMS.sign SHA512SUMS does not work, download the keys explicitely by gpg --keyserver keyring.debian.org --recv-keys 64E6EA7D gpg --keyserver keyring.debian.org --recv-keys 6294BE9B (Key ids taken from https://www.debian.org/CD/verify ) Have a nice day :) Thomas
