On Thursday, March 29, 2018 at 10:10:26 AM UTC-4, Steven Walker wrote: > I am pretty much new to Qubes. Can anybody give me simple instructions on how > to verify my download. I have the iso asc, the digests file, and the signing > key asc. > > Can someone help me through this? > > Thank you, > > Steven
Ya I do it as shown here https://www.qubes-os.org/security/verifying-signatures/ I don't bother with digests, I just download the signature and the key. and the master key. https://keys.qubes-os.org/keys/qubes-master-signing-key.asc Check the master key is the same as shown on Joanna Rutkowska twitter. switch to the directory you imported everything. Then import it as shown on docs. gpg --import qubes-master-signing-key.asc Then import the PGP release key the same way. Then verifyy the .asc file with the iso as shown on docs. gpg -v --verify ascfile isofile Then doublecheck the release 4 signature key shown is signed with the qubes master key as shown in docs as the last step with gpg --list-sig -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/11746397-f914-44d5-8e9e-63acc97542cc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
