1

Topic: Unable to "gpg --verify CHECKSUMS.TXT.gpg CHECKSUMS.TXT"

Hello dear friends,

I'm on a Linux Mint 19.3 64-bit system and want to check the downloaded "gparted-live-1.1.0-5-amd64.iso" file.

But if I try to "gpg --import EB1DD5BF6F88820BBCF5356C8E94C9CD163E3FB0.asc", the public key which I downloaded from the given link

https://keys.openpgp.org/vks/v1/by-fing … CD163E3FB0

it always ends up saying

gpg: Key 8E94C9CD163E3FB0: No User-ID

and the return code (echo $?) is 2.

2.
I've read that this is a general issue within the GnuPG project and someone has added an --import-option "import-drop-uids", which allowed him to overcome this error.

But sadly my gpg does not yet understand this import-option.
Seems to be available on Debian only?

So, is there a public key with a User ID available anywhere?

Or does anyone have an idea how I could verify the CHECKSUMS.TXT file?

Thank you very much for your attention.
Thank you in advance.
Yours truly

richard

2

Re: Unable to "gpg --verify CHECKSUMS.TXT.gpg CHECKSUMS.TXT"

Please follow the following:
1. Retrieve key from key server, e.g.,
gpg --keyserver hkp://pgpkeys.mit.edu --recv-key 8E94C9CD163E3FB0
Or
gpg --keyserver hkp://keys.openpgp.org --recv-key 8E94C9CD163E3FB0
to retrieve the key.

2. Download CHECKSUMS.TXT, CHECKSUMS.TXT.gpg, gparted-live-1.1.0-5-amd64.iso and gparted-live-1.1.0-5-amd64.zip

3. Run the following command to verify CHECKSUMS.TXT:
$ gpg --verify CHECKSUMS.TXT.gpg CHECKSUMS.TXT
gpg: Signature made Fri 03 Jul 2020 08:43:17 PM CST
gpg:                using RSA key EB1DD5BF6F88820BBCF5356C8E94C9CD163E3FB0
gpg: Good signature from "Steven Shiau (In Freedom We Trust) <steven@stevenshiau.org>" [unknown]
gpg:                 aka "Steven Shiau <jhshiau@yahoo.com>" [unknown]
gpg:                 aka "Steven Shiau <steven@nchc.org.tw>" [unknown]
gpg:                 aka "Steven Shiau <shiau.steven@gmail.com>" [unknown]
gpg:                 aka "Steven Shiau <steven@nchc.narl.org.tw>" [unknown]
gpg:                 aka "Steven Shiau (Clonezilla project) <steven@clonezilla.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: EB1D D5BF 6F88 820B BCF5  356C 8E94 C9CD 163E 3FB0

4. Use CHECKSUMS.TXT to verify the downloaded iso and zip files. Make sure they are in the same directory as CHECKSUMS.TXT:
$ sha256sum -c --ignore-missing CHECKSUMS.TXT
gparted-live-1.1.0-5-amd64.iso: OK
gparted-live-1.1.0-5-amd64.zip: OK
sha256sum: WARNING: 22 lines are improperly formatted

Ref: https://ubuntu.com/tutorials/how-to-verify-ubuntu

Steven
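
The steps in the reply above as one script, added here as an example and not part of Steven's post: since gpg prints "Good signature" for whatever key was imported, the script also requires that the signature comes from the full fingerprint shown in the quoted output. The function names and the sample status lines are constructed for illustration; it assumes the key is already imported and that CHECKSUMS.TXT, CHECKSUMS.TXT.gpg and the images are in the current directory.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Full fingerprint, as printed in the gpg output quoted in the thread.
EXPECTED_FPR="EB1DD5BF6F88820BBCF5356C8E94C9CD163E3FB0"

# Constructed sample of gpg's machine-readable status output (values are
# illustrative); a VALIDSIG line ends with the primary key fingerprint.
SAMPLE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 8E94C9CD163E3FB0 Steven Shiau
[GNUPG:] VALIDSIG EB1DD5BF6F88820BBCF5356C8E94C9CD163E3FB0 2020-07-03 1593780197 0 4 0 1 8 00 EB1DD5BF6F88820BBCF5356C8E94C9CD163E3FB0'

# Read status lines on stdin; succeed only if a VALIDSIG line names the
# wanted primary key fingerprint in its last field.
status_has_pinned_sig() {
    _want="$1"
    while read -r _tag _kind _rest; do
        [ "$_tag" = "[GNUPG:]" ] || continue
        [ "$_kind" = "VALIDSIG" ] || continue
        if [ "${_rest##* }" = "$_want" ]; then return 0; fi
    done
    return 1
}

# Verify CHECKSUMS.TXT against its detached signature, require the pinned
# signer, then check whichever listed images are present.
verify_release() {
    _status="$(gpg --status-fd 1 --verify CHECKSUMS.TXT.gpg CHECKSUMS.TXT 2>/dev/null)" || {
        echo "CHECKSUMS.TXT: signature check failed" >&2; return 1; }
    printf '%s\n' "$_status" | status_has_pinned_sig "$EXPECTED_FPR" || {
        echo "CHECKSUMS.TXT: valid signature, but not from $EXPECTED_FPR" >&2; return 1; }
    sha256sum -c --ignore-missing CHECKSUMS.TXT
}

# Usage, in the download directory: verify_release && echo "images verified"
```
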

3 (edited by richard.gantz 2020-10-19 08:12:45)

Re: Unable to "gpg --verify CHECKSUMS.TXT.gpg CHECKSUMS.TXT"

[SOLVED]

Hello dear Steven,

thank you so much for your reply.
The import of the key with the first command to receive it from "hkp://pgpkeys.mit.edu" worked instantaneously!
Thank you.

I tried several similar commands with the "keys.openpgp.org", but I always just wrote "--keyserver keys.openpgp.org" and
never mentioned the protocol "hkp://".
This was the problem.
Thank you very much for your quick response.

Yours truly
richard

4

Re: Unable to "gpg --verify CHECKSUMS.TXT.gpg CHECKSUMS.TXT"

No problem. Enjoy GParted.

Steven