Hi, Pier Antonio Corradini wrote: > Autenticity control (gpg --verify SHA512SUMS.sign SHA512SUMS.txt): > [...] > gpg: utilizzando la chiave RSA > DF9B9C49EAA9298432589D76DA87E80D6294BE9B > gpg: Firma BAD da "Debian CD signing key <debian...@lists.debian.org>"
I assume that "Firma BAD" means bad signature. I get a different result: wget https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/SHA512SUMS wget https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/SHA512SUMS.sign gpg --verify SHA512SUMS.sign SHA512SUMS yields gpg: Good signature from "Debian CD signing key <debian...@lists.debian.org>" The MD5 and SHA512 sum of SHA512SUMS are ad6d99aab91a4ec4d3293afc0dfbd95d 36bf1f16bc4b9795122b7b3542a32f34c3be0ef294ff3a8bf43232df6554b69b569fe15d93c79ee48a47902e1a6ad87ca9966988cd4bf9db684f7dd7eda7813a The ones of SHA512SUMS.sign are fb3d950c9472f35bd06add950ccfe991 0095bd988c97a7bd0400704ffd3d0fe64a33057b5eaed7530973fac4e039cc366bc5c144413cdb48a591fa5a5d9bd8240721d797964ca453b5981d90ed8e1a13 So which one of your downloaded SHA512SUMS* files deviates from these ? Have a nice day :) Thomas
