On 2023-08-06 9:28 p.m., Juan R.D. Silva wrote:
I downloaded debian-12.1.0-amd64-DVD-1.iso, SHA512SUMS, and
SHA512SUMS.sign files from
https://cdimage.debian.org/debian-cd/current/amd64/iso-dvd/.
$ sha512sum -c SHA512SUMS gives me OK. So the image is fine.
However verifying the signatures fails.
$ gpg --verify SHA512SUMS.sign SHA512SUMS
gpg: Signature made Sat 10 Sep 2022 07:00:46 PM EDT
gpg: using RSA key DF9B9C49EAA9298432589D76DA87E80D6294BE9B
gpg: Can't check signature: No public key
I downloaded the required key:
$ wget -c "https://www.debian.org/CD/key-DA87E80D6294BE9B.txt";
and imported it:
$ gpg --import key-DA87E80D6294BE9B.txt
When repeated verification get this:
gpg --verify SHA512SUMS.sign SHA512SUMS
gpg: Signature made Sat 22 Jul 2023 01:04:11 PM EDT
gpg: using RSA key DF9B9C49EAA9298432589D76DA87E80D6294BE9B
gpg: BAD signature from "Debian CD signing key
<[email protected]>" [unknown]
Can anybody explain it. I do not see what I'm doing wrong here.
Thanks.
The problem is resolved. My fault. :-).
