Debian iso corrupted or am i doing wrong?

[openZource]

Using info from page: https://www.debian.org/CD/verify

pub rsa4096/DA87E80D6294BE9B 2011-01-05 [SC]
Key fingerprint = DF9B 9C49 EAA9 2984 3258 9D76 DA87 E80D 6294 BE9B
uid Debian CD signing key <debian-cd@lists.debian.org>

0xDA87E80D6294BE9B

This is what i type in terminal:

Code: Select all

lab@lab:~/Desktop/DEBIAN_may2023$ gpg --keyserver keyring.debian.org --recv-keys 0xDA87E80D6294BE9B
gpg: key DA87E80D6294BE9B: "Debian CD signing key <debian-cd@lists.debian.org>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
lab@lab:~/Desktop/DEBIAN_may2023$ gpg --verify SHA512SUMS.sign SHA512SUMS.txt
gpg: Signature made Sat 29 Apr 2023 04:48:07 PM EDT
gpg:                using RSA key DF9B9C49EAA9298432589D76DA87E80D6294BE9B
gpg: BAD signature from "Debian CD signing key <debian-cd@lists.debian.org>" [unknown]

[CynicalDebian]

SHA512SUMS.txt

Why is it named this? Shouldn't it just be named SHA512SUMS? Just changing the file extension won't invalidate the signature, but be sure you haven't modified the file in some other way.

[openZource]

Thankyou
The tutorial did like that.
So the code is good? The way i used the 'DA87E80D6294BE9B' rsa number also?

I dowloaded the iso again & it's the same Fail so i'm thinking i am probably does something wrong ?

[CynicalDebian]

Thankyou
The tutorial did like that.
So the code is good? The way i used the 'DA87E80D6294BE9B' rsa number also?

I dowloaded the iso again & it's the same Fail so i'm thinking i am probably does something wrong ?

The recv keys step is correct.

Its not the iso, its the SHA512SUMS.txt file that you need to redownload. How are you downloading it, you are right clicking and hitting "save link as" right?

[openZource]

Yes when i downloaded SHA512SUMS.txt --> Save link as

Code: Select all

lab@lab:~/Desktop/DEBIAN_may2023$ gpg --verify SHA512SUMS.sign SHA512SUMS.txt
gpg: Signature made Sat 29 Apr 2023 04:48:07 PM EDT
gpg:                using RSA key DF9B9C49EAA9298432589D76DA87E80D6294BE9B
gpg: Good signature from "Debian CD signing key <debian-cd@lists.debian.org>" [unknown]

gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: DF9B 9C49 EAA9 2984 3258  9D76 DA87 E80D 6294 BE9B

???
A)
Last section indicates WARNING: This key is not certified with a trusted signature!
Is this because i did not get a physical copy or person to person key? ... If i recall my info searches.
B)
Last line in code quote says:

Code: Select all

Primary key fingerprint: DF9B 9C49 EAA9 2984 3258  9D76 DA87 E80D 6294 BE9B

It is same as Debian page (https://www.debian.org/CD/verify) so i guess it means that it is legit ?

[CynicalDebian]

Last section indicates WARNING: This key is not certified with a trusted signature!
Is this because i did not get a physical copy or person to person key? ... If i recall my info searches.
B)
Last line in code quote says:

Yeah this is normal, you have a good signature and the correct key.