Hello community,
I'm really looking forward to try (K)ubuntu but I've got a problem with understanding the verification of the iso...
In general I understand what I have to do:
1) download iso, sha256 and gpg-file
2) then verify the sha256-checksum-file with help of the gpg file
3) then verify the iso file with the sha256-checksum-file
I'm using these instructions: https://ubuntu.com/tutorials/how-to-...ha256-checksum
After adding the server-keys to my "keyring" (step 4), I type "gpg --keyid-format long --verify SHA256SUMS.gpg SHA256SUMS.txt" in the console to verify the checksumfile. My output is something like this:
"gpg: Signature made 01.04.2021 18:12:56 Mitteleuropäische Sommerzeit using RSA key ID D94AA3F0EFE21092
gpg: Good signature from "Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 8439 38DF 228D 22F7 B374 2BC0 D94A A3F0 EFE2 1092"
This seems good to me... But: I only get the verification for this one "RSA Key ID D94...." In the Description theres another second "DSA key ID 46..." in the output-message. Another description I found also says that I have to check the two "Good Signature from..." Messages.
Why don't I get the OK for both keys? Is my file okay? I added both keys to my "keyring" like in the description before... Why are there two btw?
Btw I tried it with Ubuntu and Kubuntu 20.04.2 LTS.
Thanks a lot for your support and excuse my english. Its not my home-language.
Cheers
Thanks a lot
Bookmarks