On Mon, Dec 31, 2018 at 03:31:28AM -0800, [email protected] wrote: > Hi, > > I am trying to verify my download and i am in the final step where i have to > do > > gpg -v --verify Qubes-RX-x86_64.iso.asc Qubes-RX-x86_64.iso > > to verify the ISO file. The instructions claim that i can download the .asc > signature and this is where i am really stuck. The download link just leads > me to another page with the raw PGP signature-no download. I don't know how > to import it to gpg to do the verification. Do i have to transform it to a > .asc file or what?? I am extremely confused. > > Appreciate any advice. > >
You dont need to import that signature in to gpg. You *do* need to download and import the PGP key. On the page with the signature, save it as plain text. (If you save it as html page, you will have to edit the file to rekove HTML cruft). The saved page will be named Qubes-RX-x86_64.iso.asc , and you can then verify the download with that file. Dont forget to get a copy of the Master Signing key and check it - details as https://www.qubes-os.org/security/verifying-signatures/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20181231120017.tabork6hz4axnnao%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
