On Sat, Dec 09, 2017 at 02:37:49PM -0300, Franz wrote: > On Sat, Dec 9, 2017 at 1:35 PM, Chris Laprise <[email protected]> wrote: > > > On 12/09/2017 09:56 AM, Franz wrote: > > > >> I bought a larger SSD and want to reinstall 3.2, but gpg verification no > >> more works. > >> > >> I have a gpg VM where all this verificaion stuff is already installed and > >> worked for 3.1 and 3.2 in the past, so assumed it should work again for the > >> same task, but no. > >> > >> For the signature file of the iso, I pasted it into a file called > >> Qubes-R3.2-x86_64.iso.asc > >> > >> But I get: > >> > >> gpg -v --verify Qubes-R3.2-x86_64.iso.asc Qubes-R3.2-x86_64.iso > >> gpg: no valid OpenPGP data found. > >> gpg: the signature could not be verified. > >> > >> So I suspected it is because developer key lapse after one year and did: > >> |gpg --recv-keys 0xC52261BE0A823221D94CA1D1CB11CA1D03FA5082 | > >> |as instructed here https://www.qubes-os.org/secur > >> ity/verifying-signatures/ It actually imported one key, but verification > >> gives the same failed result. | > >> |Also tried to import the key associated to iso download [user@gpg > >> iso2]$ gpg --import qubes-release-3-signing-key\(1\).asc gpg: key > >> 03FA5082: "Qubes OS Release 3 Signing Key" not changed gpg: Total number > >> processed: 1 gpg: unchanged: 1 | > >> |Finally downloaded the iso again, but same result | > >> > > > > Maybe you pasted the key into the .asc file, instead of pasting the > > signature? > > > > > this one: > > Version: GnuPG v2 > > iQIcBAABCAAGBQJX4XLxAAoJEMsRyh0D+lCC738P/R35gthUmjr35NqF3foatmF/ > UIZ0ggKBXUqlMNaTdl4TosJsExuZw6/YDErgukupHAhPaV22WcBtz+6+ZL6VdmSz > /UpBOVxQ2SBFzj7DfVelpWOCp+wp09xf42fxqXvhpZQyj8plbgjJ1glbkd5uM6Dp > vDZJWYwxtTujqLxyX2WBSvBWgtpCrhCMYFZHbAHhICQ3iWxr6sPgQhXEh49FuRZU > Ksk9OZJmgrQ3ds5hO3HGuSQYUQKEuNlWbTN7dJJQHbPpvS6areaWCIKuIy6M2HwL > zP6TbTF+B3F1Se+AwhiSb4rKQgVecgd+lxXc+KqmfNQfIJf/2lK2KxqmWY5O9Idz > mtp1w0o8hnJlS6Axn3JAmmipNuCPUVg+a99KV4TL01xbAc35eUkCQi12IwDCiO8Q > m0CaFy0xbBImCb2qFt8MNk+qbcIxFI0kML0IwJ4axSdDIrMiLl96Rvso8vEcyuAg > CS3SjRxorbltjtb/5CmyMRdSpXzCJ4fY2U8vmqMijtKQCmCs6xJKsexsC/gNaXVO > ZoIsMwBwu1a/SThx1zUT4Iq0gyN1P0IxwKIrd2GT+ewBlwo3DfEMaPItYduVqGE2 > OGjcxx2J/F7Zn6DH2QSx6o1W25hUNjtRSsWv8udtOK602wjX9AjotRUl5LWriq/P > 8sabLZSQ2AWu4Gr1qXAy > =qkEl > > > > > If you think the .iso downloaded incorrectly, first thing to check is the > > exact number of bytes with 'ls -l' in case the download stopped prematurely. > > > > I downloaded it two times... > > [user@gpg iso2]$ ls -l > total 4147212 > -rw-r--r-- 1 user user 4246732800 Dec 9 00:07 Qubes-R3.2-x86_64.iso > -rw-rw-r-- 1 user user 761 Dec 9 10:26 Qubes-R3.2-x86_64.iso.asc > -rw-r--r-- 1 user user 2364 Dec 9 10:41 > 'qubes-release-3-signing-key(1).asc' >
That's the right signature - try downloading rather than copying/pasting. Have you included the BEGIN/END lines? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20171209175243.p7ypoohvkcvpw57n%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
