Hi,

I am trying to follow the directions on the page https://www.debian.org/CD/verify for verifying the authenticity of CDs (meaning the iso files downloaded from Debian's page). The page has iso files, then SHAxSUM files and SHAxSUM.sign files.

I have already run the sha512sum command to verify the iso file. But I am having difficulty with the next step, which is:

"To ensure that the checksums files themselves are correct, use GnuPG to verify them against the accompanying signature files (e.g. SHA512SUMS.sign). The keys used for these signatures are all in the Debian GPG keyring <https://keyring.debian.org> and the best way to check them is to use that keyring to validate via the web of trust. To make life easier for users, here are the fingerprints for the keys that have been used for releases in recent years:"

(quoted from the page https://www.debian.org/CD/verify)

When I run the command

    gpg --verify SHAxSUM.sign SHAxSUM

I get the following message:

    gpgv: unknown type of key resource 'trustedkeys.kbx'
    gpgv: keyblock resource '/home/user/.gnupg/trustedkeys.kbx': General error
    gpgv: Signature made Sun 10 May 2020 03:17:55 AM +03
    gpgv: using RSA key DF9B9C49EAA9298432589D76DA87E80D6294BE9B
    gpgv: Can't check signature: No public key

How should I proceed to check the signature?

Thank you in advance for your help.