-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 2019-09-30 12:10 PM, Dave wrote:
>> From https://www.qubes-os.org/security/verifying-signatures/
>
> Working from AppVM terminal...
>
> I've acquired and imported qubes master signing key, verified
> fingerprint, and set trust to ultimate Then fetched release 4
> signing key, which is supposed to be signed by the master signing
> key, but is NOT
>
> *What matters is that the last line shows that this key is signed
> by the
>> Qubes Master Signing Key, which verifies the authenticity of the
>> Release Signing Key.*
>>
>
> [user@browser rpm-gpg]$ gpg --fetch-keys
> https://keys.qubes-os.org/keys/qubes-release-4-signing-key.asc
> gpg: requesting key from
> 'https://keys.qubes-os.org/keys/qubes-release-4-signing-key.asc'
> gpg: key 1848792F9E2795E9: public key "Qubes OS Release 4 Signing
> Key" imported gpg: Total number processed: 1 gpg: imported: 1
>
> [root@browser ~]# gpg --list-sigs "Qubes OS Release 4 Signing Key"
> pub rsa4096 2017-03-06 [SC]
> 5817A43B283DE5A9181A522E1848792F9E2795E9 uid [ unknown]
> Qubes OS Release 4 Signing Key sig 31848792F9E2795E9
> 2017-03-06 Qubes OS Release 4 Signing Key
>
> The above gpg command --list-sigs failed to return the line: "sig
> DDFA1A3E36879494 2017-03-08 Qubes Master Signing Key"
>
> How should I proceed from here? My objective is to download and
> install a new ISO on another machine. BTW, I've had great success
> using Qubes-os for over 2 years with my first installation. I'm
> grateful for everyone working to maintain it and support it.
>
It works for me:
$ gpg2 --list-sigs "Qubes OS Release 4 Signing Key"
pub rsa4096 2017-03-06 [SC]
5817A43B283DE5A9181A522E1848792F9E2795E9
uid [ full ] Qubes OS Release 4 Signing Key
sig 31848792F9E2795E9 2017-03-06 Qubes OS Release 4 Signing Key
sig DDFA1A3E36879494 2017-03-08 Qubes Master Signing Key
Is it possible that you haven't imported the Qubes Master Signing Key
into your keyring?
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-
iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAl2SjYMACgkQ203TvDlQ
MDCGyRAAiIiIZFkCZ5dgpW+9HlQi6Ydz3o1oFhzzCD1aBJA1u5vawNPDql0zxiy7
RB2EFn1cBk4zRzpMMmWtUWSTbKKWmnWed6MyG5wtDhcKpCOe/XTTJLQtE/60zzmA
oy3JzhLMeX/yFtDQm2ugiLhi694LtaxI67F+inqRgq4V3pBKLVbjsLvJkIMtvHko
t5PKCtE7tFmsZ1AOl3SURr7VkqPap9H7cdtN6J/e83BN9eo7/lFcjKYtyg+seaw0
dNQbBVk6x05WEYlcbFT9VA2Tyv+Nx+KzlCIDXRXN0G8a6Afle7TTPsAL3sfsKozE
qlwVsYnhd6MownSjrzYZQYo0t0TX15+QSkcybYR4bMWWnindlenTuHFZ5S2kFIsp
O7y6+fRugSD0pk9pt3ozX6vNTCIpwGiVuuOLEcht8yYuxXMnfB1+XDscvm/Ql4VD
Xoqm0a0F8GzSkXyggPkheeoSUGcWPDJ5+EtH1Ts8uFlnT7Ffll8Mmtc395z0SHCd
oV6ylVoMdDRw7VqkjsmhF28HPodeVv1sqMPlhtaoX55ZBm3fuXQiLKWpXJ66dPRt
yrUrMoFbp79XC9sxy/4dAw8pb5Y+wlv4oBrDcJllj3FRQJOTQxgaOK3pZaECJieb
PL6fIHAvWQKMM5s7A+sYPpzWPuB7nFAzoBdG5VEb8udmj7TrmOo=
=8z1c
-END PGP SIGNATURE-
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/3b070874-ac61-87ea-f0c4-7b961d73a566%40qubes-os.org.