Choose style:

Author Topic: Checking if GPG Verification is Correct [SOLVED]  (Read 141 times)

0 Members and 1 Guest are viewing this topic.

Offline perknh

  • Trusted User
  • Hero
  • *****
  • Posts: 3525
  • Karma: 273
  • Soy un huevo que adora Peppermint.
    • View Profile
  • Peppermint version(s): Peppermint 9 Respin (64-bit)
Checking if GPG Verification is Correct [SOLVED]
« on: December 01, 2018, 06:08:07 am »
Hello PCNetSpec,

I downloaded 64 bit Peppermint 9 two times within the last eight hours.  I did so once with our direct download and a second time using our torrent download.  I did check the md5sum and the sha256sum both times and both times the sums checked out correctly.  At the end, I did replace some kinda cloud version of Windows 10 instillation I had encountered on a refurbished HP Stream laptop with our 64 bit Peppermint 9, but I did so with a few concerns.

I've never seen the letters rsa before when verifying a GPA signature, or the mention of a missing key before, or the word unknown ever preceding your name before last night.  Still, I installed Peppermint 9.  After all, the verification process did say I had a good signature from you even if that comment was followed by the word unknown in brackets.

Those were my concerns, and I thought you should know about them, since they may end up being the concerns of others too. ;)

Thank you, PCNetSpec.

perknh


Code: [Select]
perknh@peppermint ~ $ cd ~
perknh@peppermint ~ $ gpg --list-keys
/home/perknh/.gnupg/pubring.kbx
-------------------------------
pub   rsa2048 2013-05-02 [SC]
      4A9F906613AFABEDCFA392C2E499FD0BAECF1D2F
uid           [ unknown] Mark Greaves (PCNetSpec) <mark@pcnetspec.co.uk>
sub   rsa2048 2013-05-02 [E]
sub   rsa2048 2015-05-03 [S]
sub   rsa2048 2015-05-03 [E]

perknh@peppermint ~ $ gpg --keyserver keyserver.ubuntu.com --recv-keys AECF1D2F
gpg: key E499FD0BAECF1D2F: 1 signature not checked due to a missing key
gpg: key E499FD0BAECF1D2F: "Mark Greaves (PCNetSpec) <mark@pcnetspec.co.uk>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
perknh@peppermint ~ $ gpg --fingerprint AECF1D2F
pub   rsa2048 2013-05-02 [SC]
      4A9F 9066 13AF ABED CFA3  92C2 E499 FD0B AECF 1D2F
uid           [ unknown] Mark Greaves (PCNetSpec) <mark@pcnetspec.co.uk>
sub   rsa2048 2013-05-02 [E]
sub   rsa2048 2015-05-03 [S]
sub   rsa2048 2015-05-03 [E]

perknh@peppermint ~ $ gpg --verify Peppermint-9-20180621-amd64.iso.sig Peppermint-9-20180621-amd64.iso
gpg: Signature made Wed 20 Jun 2018 09:33:19 PM EDT
gpg:                using RSA key E499FD0BAECF1D2F
gpg: Good signature from "Mark Greaves (PCNetSpec) <mark@pcnetspec.co.uk>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 4A9F 9066 13AF ABED CFA3  92C2 E499 FD0B AECF 1D2F
perknh@peppermint ~ $
« Last Edit: December 01, 2018, 11:19:33 am by perknh »
We're all Peppermint users and that's what matters  ;). -- AndyInMokum

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 22902
  • Karma: 2556
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 8R, 9, and 9R
Re: Checking if GPG Verification is Correct
« Reply #1 on: December 01, 2018, 09:34:54 am »
Al you need to be concerned with are the bits I've highlighted in red

gpg: Good signature from "Mark Greaves (PCNetSpec) <mark@pcnetspec.co.uk>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 4A9F 9066 13AF ABED CFA3  92C2 E499 FD0B AECF 1D2F

If they match, you can be pretty confident the ISO was signed by me ;)

because you can check that primary key fingerprint against my OpenPGP public keys here:
https://launchpad.net/~mark-pcnetspec



RSA just stands for "Rivest–Shamir–Adleman", which is the cryptosystem used.
https://en.wikipedia.org/wiki/RSA_(cryptosystem)
« Last Edit: December 01, 2018, 09:41:32 am by PCNetSpec »
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline perknh

  • Trusted User
  • Hero
  • *****
  • Posts: 3525
  • Karma: 273
  • Soy un huevo que adora Peppermint.
    • View Profile
  • Peppermint version(s): Peppermint 9 Respin (64-bit)
Re: Checking if GPG Verification is Correct
« Reply #2 on: December 01, 2018, 11:19:00 am »
Thank you, PCNetSpec.  Thanks for explaining that to me.

I guess I'm all set then.  This means I've finally got myself a Pepperbook (I'm still working on its name).  It's running a light installation of Peppermint 9, and it's featuring Firefox Quantum as its browser too. 

Watch out McDonald's, here we come!  You better believe I'm going to be showing this thing off.  I've seen Windows laptops there, and I've seen Chromebooks there, but I'm quite sure nobody's seen Peppermint there.  I'm about to blow a few people's minds over at Mickey D's in Dover -- and in a terrific way too!  :o  :o  :o   :)
We're all Peppermint users and that's what matters  ;). -- AndyInMokum

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 22902
  • Karma: 2556
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 8R, 9, and 9R
Re: Checking if GPG Verification is Correct [SOLVED]
« Reply #3 on: December 01, 2018, 12:37:26 pm »
Nice .. I wanna see a crowd around your table ;)
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec