• humuhumu@lemm.eeOP
    link
    fedilink
    arrow-up
    6
    ·
    6 months ago

    for some reasons, I can’t verify the signature of the files.

    I downloaded tail-signing.key from https://tails.net/tails-signing.key

    then made a keyring file.

    ran gpgv --keyring ./tails.keyring tails-amd64-6.4.img.sig tails-amd64-6.4.img

    it gave me error saying using EDDSA key 26D26… Can’t check signature: No public key.

    I even tried using the same keyring for 6.3 and it was fine. Only for this version I;m having trouble.

    Anyone would please confirm the SHA256SUM if you could verify the signature?

    • lnxtx@feddit.nl
      link
      fedilink
      English
      arrow-up
      7
      ·
      edit-2
      6 months ago

      My steps which worked:

      gpg --no-default-keyring --keyring ~/tmp/trustedkeys.gpg --fingerprint
      gpg --no-default-keyring --keyring ~/tmp/trustedkeys.gpg --import ~/tmp/tails-signing.key
      gpg --no-default-keyring --keyring ~/tmp/trustedkeys.gpg --verify tails-amd64-6.4.img.sig
      

      Checksums:

      sha256sum tails-amd64-6.4.img tails-amd64-6.4.img.sig  ~/tmp/tails-signing.key
      f8c36fad61a7f8c0fce45202369f85499a1c90f1bc7e5e5b320f2de1c3fa4e8d  tails-amd64-6.4.img
      bbdd3df622d04f93b40070cd34ba423f7aeb1a7705d65b9da9cc598fc7d8e848  tails-amd64-6.4.img.sig
      73c2e478295be78d625220cd6cf7035caeab0a9c48379305ec86e83d43add953  ~/tmp/tails-signing.key
      
    • OhVenus_Baby
      link
      fedilink
      arrow-up
      2
      ·
      6 months ago

      Some Linux distros you can right click the file and there is an option to auto verify the key is correct. Linux mint is one. Use a live USB.