Web lists-archives.com

Re: Verifying Digital Signatures




On Mon, 11 Jun 2018 20:07:38 -0700
HP Garcia <portamex@xxxxxxxxxx> wrote:

> On Mon, 11 Jun 2018 10:39:29 +0200
> john doe <johndoe65534@xxxxxxxx> wrote:
> 
> > On 6/11/2018 8:32 AM, john doe wrote:  
> > > On 6/11/2018 7:43 AM, HP Garcia wrote:    
> > >> I'm following the steps to verify kernel signatures using GNUpg.
> > >> I'm following the directions from
> > >> https://www.kernel.org/category/signatures.html.
> > >>
> > >> Where I am getting stumped is verifying the tar against the
> > >> signature.
> > >>
> > >> linux-4.17  linux-4.17.tar  linux-4.17.tar.sign
> > >> root@Ultraman:/usr/src# gpg2 --verify linux-4.17.tar.sign
> > >> gpg: assuming signed data in 'linux-4.17.tar'
> > >> gpg: Signature made Sun 03 Jun 2018 02:35:54 PM PDT
> > >> gpg:                using RSA key 79BE3E4300411886
> > >> gpg: Can't check signature: No public key
> > >>
> > >> I tried several times trying to import keys belonging to Linus
> > >> Torvalds and Greg Kroah-Hartman. Using this command:
> > >>
> > >> $ gpg2 --locate-keys torvalds@xxxxxxxxxx gregkh@xxxxxxxxxx
> > >>
> > >> I'm stumped. Am I missing something?
> > >>    
> > > 
> > > Are the keys in your keyring?:
> > > 
> > > $ gpg2 --list-keys
> > > 
> > > Any errors when locating the keys?
> > >     
> > 
> > If the keys are present in your keyring, the answer by Teemu
> > Likonen <tlikonen@xxxxxx> is the next step to try.
> >   
> 
> So it looks like I am missing the keyring application.
> 
> -HP 
> 

Thanks everyone I finally got it to work.

-HP