After you import both the master and signing keys, you can check them with
'gpg --check-sigs' which should have output like this:
pub rsa4096 2017-03-06 [SC]
5817A43B283DE5A9181A522E1848792F9E2795E9
uid [ unknown] Qubes OS Release 4 Signing Key
sig!31848792F9E2795E9 2017
On Mon, Jan 01, 2018 at 08:44:22AM -0800, Kyle Breneman wrote:
> I have successfully verified the fingerprint for the Qubes Master Signing
> Key. I have verified the Release 3 ISO signature using the Qubes Release 3
> Signing Key. How do I verify that the Release 3 signing key is good? Do I
> s
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 2018-01-01 10:44, Kyle Breneman wrote:
> I have successfully verified the fingerprint for the Qubes Master
> Signing Key. I have verified the Release 3 ISO signature using
> the Qubes Release 3 Signing Key. How do I verify that the Release
> 3 s
On 01/01/2018 11:44 AM, Kyle Breneman wrote:
I have successfully verified the fingerprint for the Qubes Master Signing Key.
I have verified the Release 3 ISO signature using the Qubes Release 3 Signing
Key. How do I verify that the Release 3 signing key is good? Do I somehow use
the Qubes Mas
I have successfully verified the fingerprint for the Qubes Master Signing Key.
I have verified the Release 3 ISO signature using the Qubes Release 3 Signing
Key. How do I verify that the Release 3 signing key is good? Do I somehow use
the Qubes Master Signing Key to verify the authenticity of t