Hi,
I''m trying to verify the key I downloaded from the Qubes Download page
<https://www.qubes-os.org/downloads/>. According to the documentation on
the Verfying Signatures
<https://www.qubes-os.org/security/verifying-signatures/>, it looks like
there may be a discrepancy between the two.
The site says the key is:
0x427F11FD0FAA4B080123F01CDDFA1A3E36879494
and I have the following:
~ which gpg
/usr/bin/gpg
~ ls -al /usr/bin/gpg
-rwxr-xr-x 1 root root 1151616 Nov 28 14:24 /usr/bin/gpg
~ ls -al /usr/bin/gpg2
lrwxrwxrwx 1 root root 3 Nov 28 14:24 /usr/bin/gpg2 -> gpg
~ gpg --import ~/Downloads/ISOs/qubes-release-4.2-signing-key.asc
gpg: key 0xE022E58F8E34D89F: 1 signature not checked due to a missing key
gpg: key 0xE022E58F8E34D89F: public key "Qubes OS Release 4.2 Signing Key"
imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: Note: signatures using the SHA1 algorithm are rejected
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2025-01-04
~ gpg --fingerprint Qubes
pub rsa4096/0xE022E58F8E34D89F 2022-10-04 [SC]
Key fingerprint = 9C88 4DF3 F810 64A5 69A4 A9FA E022 E58F 8E34 D89F
uid [ unknown] Qubes OS Release 4.2 Signing Key
Any help will be appreciated.
Thank you.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/44675806-54db-4b95-94ed-df90b03f104cn%40googlegroups.com.
