Re: [qubes-users] Verifying Install Files: Confused About How to Verify R3 ISO file

2017-12-22 Thread Kyle Breneman 
On Wed, Dec 20, 2017 at 11:00 PM, Chris Laprise  wrote:

> On 12/20/2017 10:44 PM, Kyle Breneman wrote:
>
>> I'm new to verifying keys and signatures.  I downloaded the Qubes R3 ISO
>> file and accompanying signature file, as well as the Qubes Master Signing
>> Key.  I verified and trusted the Qubes Master Signing Key.  I am stuck on
>> how to verify the ISO file using the accompanying key.  GPG tells me that
>> it cannot check the signature as there is no public key.  See attached
>> screenshots.  What am I doing wrong?  Please help!
>>
>> Kyle
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "qubes-users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to qubes-users+unsubscr...@googlegroups.com > qubes-users+unsubscr...@googlegroups.com>.
>> To post to this group, send email to qubes-users@googlegroups.com
>> .
>> To view this discussion on the web visit https://groups.google.com/d/ms
>> gid/qubes-users/CAOtZr%3DEPevaHZ%2BJsumX0hcPpEpMVu0vbu7vSmvo
>> HHME5YpeTJQ%40mail.gmail.com > sgid/qubes-users/CAOtZr%3DEPevaHZ%2BJsumX0hcPpEpMVu0vbu7vSmv
>> oHHME5YpeTJQ%40mail.gmail.com?utm_medium=email_source=footer>.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
> The Master key just verifies the release keys (one for each Qubes
> version). You need to import the v3 release key also.
>
> --
>
> Chris Laprise, tas...@posteo.net
> https://github.com/tasket
> https://twitter.com/ttaskett
> PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886
>

​Thanks, Chris!  ​I got one step further: successfully verifying the ISO
signature with the Qubes OS Release 3 Signing Key.  Should I still use the
Qubes Master Signing Key to verify that my Qubes OS Release 3 Signing Key
is good?  If so, how to I use gpg4win to do this?

Kyle

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAOtZr%3DFS7cjm%2Bp0eApjERx5TkPE7Y_q008FOyO%3D--foAATnt3A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Verifying Install Files: Confused About How to Verify R3 ISO file

2017-12-20 Thread Chris Laprise 

On 12/20/2017 10:44 PM, Kyle Breneman wrote:
I'm new to verifying keys and signatures.  I downloaded the Qubes R3 ISO 
file and accompanying signature file, as well as the Qubes Master 
Signing Key.  I verified and trusted the Qubes Master Signing Key.  I am 
stuck on how to verify the ISO file using the accompanying key.  GPG 
tells me that it cannot check the signature as there is no public key.  
See attached screenshots.  What am I doing wrong?  Please help!


Kyle

--
You received this message because you are subscribed to the Google 
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to qubes-users+unsubscr...@googlegroups.com 
.
To post to this group, send email to qubes-users@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAOtZr%3DEPevaHZ%2BJsumX0hcPpEpMVu0vbu7vSmvoHHME5YpeTJQ%40mail.gmail.com 
.

For more options, visit https://groups.google.com/d/optout.


The Master key just verifies the release keys (one for each Qubes 
version). You need to import the v3 release key also.


--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0c3b9a26-9532-e411-20f6-01b055d4065f%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Verifying Install Files: Confused About How to Verify R3 ISO file

2017-12-20 Thread Kyle Breneman 
I'm new to verifying keys and signatures.  I downloaded the Qubes R3 ISO
file and accompanying signature file, as well as the Qubes Master Signing
Key.  I verified and trusted the Qubes Master Signing Key.  I am stuck on
how to verify the ISO file using the accompanying key.  GPG tells me that
it cannot check the signature as there is no public key.  See attached
screenshots.  What am I doing wrong?  Please help!

Kyle

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAOtZr%3DEPevaHZ%2BJsumX0hcPpEpMVu0vbu7vSmvoHHME5YpeTJQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.