BAD signature when trying to verify SHA256SUMS for Bionic Beaver ISO












0















I am attempting to verify my download of Bionic Beaver on Windows 7.



I feel like I am missing something very obvious.



I went to http://releases.ubuntu.com/bionic/ and clicked on both SHA256SUMS and SHA256SUMS.gpg



It seems like this does not download the files, but opens the text in the files in new tabs.



I used Ctrl-A and then copied the text into Notepad, naming the files SHA256SUMS and SHA256SUMS.gpg.



I made sure that windows didn't add any weird extensions when saving.



I manually downloaded both keys I used from https://keyserver.ubuntu.com, one with fingerprint



C598 6B4F 1257 FFA8 6632 CBA7 4618 1433 FBB7 5451


and the other with fingerprint



8439 38DF 228D 22F7 B374 2BC0 D94A A3F0 EFE2 1092


After I downloaded both keys I certified them with my personal key using Kleopatra, after verifying the key fingerprint with those at help.ubuntu.com.



When I ran



gpg --verify SHA256SUMS.gpg SHA256SUMS


I got



gpg: Signature made 11/29/18 16:27:43 US Mountain Standard Time
gpg: using DSA key 46181433FBB75451
gpg: BAD signature from "Ubuntu CD Image Automatic Signing Key <cdimage@ubuntu.c
om>" [full]
gpg: Signature made 11/29/18 16:27:43 US Mountain Standard Time
gpg: using RSA key D94AA3F0EFE21092
gpg: BAD signature from "Ubuntu CD Image Automatic Signing Key (2012) <cdimage@u
buntu.com>" [full]


When I ran



gpg --verbose --verify SHA256SUMS.gpg SHA256SUMS


I got



gpg: armor header: Version: GnuPG v1
gpg: Signature made 11/29/18 16:27:43 US Mountain Standard Time
gpg: using DSA key 46181433FBB75451
gpg: using pgp trust model
gpg: BAD signature from "Ubuntu CD Image Automatic Signing Key <cdimage@ubuntu.c
om>" [full]
gpg: binary signature, digest algorithm SHA512, key algorithm dsa1024
gpg: Signature made 11/29/18 16:27:43 US Mountain Standard Time
gpg: using RSA key D94AA3F0EFE21092
gpg: BAD signature from "Ubuntu CD Image Automatic Signing Key (2012) <cdimage@u
buntu.com>" [full]
gpg: binary signature, digest algorithm SHA512, key algorithm rsa4096


I tried copying the data from SHA256SUMS and SHA256SUMS.gpg tabs over TOR instead, in case it was a local network problem, but no dice either.



What am I missing here? Is there some way to download the SHA256SUMS and SHA256SUMS.gpg files directly, as opposed to copying the data into a text editor and saving it?



Any help would be very appreciated. I am very confused and frustrated at this point.










share|improve this question





























    0















    I am attempting to verify my download of Bionic Beaver on Windows 7.



    I feel like I am missing something very obvious.



    I went to http://releases.ubuntu.com/bionic/ and clicked on both SHA256SUMS and SHA256SUMS.gpg



    It seems like this does not download the files, but opens the text in the files in new tabs.



    I used Ctrl-A and then copied the text into Notepad, naming the files SHA256SUMS and SHA256SUMS.gpg.



    I made sure that windows didn't add any weird extensions when saving.



    I manually downloaded both keys I used from https://keyserver.ubuntu.com, one with fingerprint



    C598 6B4F 1257 FFA8 6632 CBA7 4618 1433 FBB7 5451


    and the other with fingerprint



    8439 38DF 228D 22F7 B374 2BC0 D94A A3F0 EFE2 1092


    After I downloaded both keys I certified them with my personal key using Kleopatra, after verifying the key fingerprint with those at help.ubuntu.com.



    When I ran



    gpg --verify SHA256SUMS.gpg SHA256SUMS


    I got



    gpg: Signature made 11/29/18 16:27:43 US Mountain Standard Time
    gpg: using DSA key 46181433FBB75451
    gpg: BAD signature from "Ubuntu CD Image Automatic Signing Key <cdimage@ubuntu.c
    om>" [full]
    gpg: Signature made 11/29/18 16:27:43 US Mountain Standard Time
    gpg: using RSA key D94AA3F0EFE21092
    gpg: BAD signature from "Ubuntu CD Image Automatic Signing Key (2012) <cdimage@u
    buntu.com>" [full]


    When I ran



    gpg --verbose --verify SHA256SUMS.gpg SHA256SUMS


    I got



    gpg: armor header: Version: GnuPG v1
    gpg: Signature made 11/29/18 16:27:43 US Mountain Standard Time
    gpg: using DSA key 46181433FBB75451
    gpg: using pgp trust model
    gpg: BAD signature from "Ubuntu CD Image Automatic Signing Key <cdimage@ubuntu.c
    om>" [full]
    gpg: binary signature, digest algorithm SHA512, key algorithm dsa1024
    gpg: Signature made 11/29/18 16:27:43 US Mountain Standard Time
    gpg: using RSA key D94AA3F0EFE21092
    gpg: BAD signature from "Ubuntu CD Image Automatic Signing Key (2012) <cdimage@u
    buntu.com>" [full]
    gpg: binary signature, digest algorithm SHA512, key algorithm rsa4096


    I tried copying the data from SHA256SUMS and SHA256SUMS.gpg tabs over TOR instead, in case it was a local network problem, but no dice either.



    What am I missing here? Is there some way to download the SHA256SUMS and SHA256SUMS.gpg files directly, as opposed to copying the data into a text editor and saving it?



    Any help would be very appreciated. I am very confused and frustrated at this point.










    share|improve this question



























      0












      0








      0


      1






      I am attempting to verify my download of Bionic Beaver on Windows 7.



      I feel like I am missing something very obvious.



      I went to http://releases.ubuntu.com/bionic/ and clicked on both SHA256SUMS and SHA256SUMS.gpg



      It seems like this does not download the files, but opens the text in the files in new tabs.



      I used Ctrl-A and then copied the text into Notepad, naming the files SHA256SUMS and SHA256SUMS.gpg.



      I made sure that windows didn't add any weird extensions when saving.



      I manually downloaded both keys I used from https://keyserver.ubuntu.com, one with fingerprint



      C598 6B4F 1257 FFA8 6632 CBA7 4618 1433 FBB7 5451


      and the other with fingerprint



      8439 38DF 228D 22F7 B374 2BC0 D94A A3F0 EFE2 1092


      After I downloaded both keys I certified them with my personal key using Kleopatra, after verifying the key fingerprint with those at help.ubuntu.com.



      When I ran



      gpg --verify SHA256SUMS.gpg SHA256SUMS


      I got



      gpg: Signature made 11/29/18 16:27:43 US Mountain Standard Time
      gpg: using DSA key 46181433FBB75451
      gpg: BAD signature from "Ubuntu CD Image Automatic Signing Key <cdimage@ubuntu.c
      om>" [full]
      gpg: Signature made 11/29/18 16:27:43 US Mountain Standard Time
      gpg: using RSA key D94AA3F0EFE21092
      gpg: BAD signature from "Ubuntu CD Image Automatic Signing Key (2012) <cdimage@u
      buntu.com>" [full]


      When I ran



      gpg --verbose --verify SHA256SUMS.gpg SHA256SUMS


      I got



      gpg: armor header: Version: GnuPG v1
      gpg: Signature made 11/29/18 16:27:43 US Mountain Standard Time
      gpg: using DSA key 46181433FBB75451
      gpg: using pgp trust model
      gpg: BAD signature from "Ubuntu CD Image Automatic Signing Key <cdimage@ubuntu.c
      om>" [full]
      gpg: binary signature, digest algorithm SHA512, key algorithm dsa1024
      gpg: Signature made 11/29/18 16:27:43 US Mountain Standard Time
      gpg: using RSA key D94AA3F0EFE21092
      gpg: BAD signature from "Ubuntu CD Image Automatic Signing Key (2012) <cdimage@u
      buntu.com>" [full]
      gpg: binary signature, digest algorithm SHA512, key algorithm rsa4096


      I tried copying the data from SHA256SUMS and SHA256SUMS.gpg tabs over TOR instead, in case it was a local network problem, but no dice either.



      What am I missing here? Is there some way to download the SHA256SUMS and SHA256SUMS.gpg files directly, as opposed to copying the data into a text editor and saving it?



      Any help would be very appreciated. I am very confused and frustrated at this point.










      share|improve this question
















      I am attempting to verify my download of Bionic Beaver on Windows 7.



      I feel like I am missing something very obvious.



      I went to http://releases.ubuntu.com/bionic/ and clicked on both SHA256SUMS and SHA256SUMS.gpg



      It seems like this does not download the files, but opens the text in the files in new tabs.



      I used Ctrl-A and then copied the text into Notepad, naming the files SHA256SUMS and SHA256SUMS.gpg.



      I made sure that windows didn't add any weird extensions when saving.



      I manually downloaded both keys I used from https://keyserver.ubuntu.com, one with fingerprint



      C598 6B4F 1257 FFA8 6632 CBA7 4618 1433 FBB7 5451


      and the other with fingerprint



      8439 38DF 228D 22F7 B374 2BC0 D94A A3F0 EFE2 1092


      After I downloaded both keys I certified them with my personal key using Kleopatra, after verifying the key fingerprint with those at help.ubuntu.com.



      When I ran



      gpg --verify SHA256SUMS.gpg SHA256SUMS


      I got



      gpg: Signature made 11/29/18 16:27:43 US Mountain Standard Time
      gpg: using DSA key 46181433FBB75451
      gpg: BAD signature from "Ubuntu CD Image Automatic Signing Key <cdimage@ubuntu.c
      om>" [full]
      gpg: Signature made 11/29/18 16:27:43 US Mountain Standard Time
      gpg: using RSA key D94AA3F0EFE21092
      gpg: BAD signature from "Ubuntu CD Image Automatic Signing Key (2012) <cdimage@u
      buntu.com>" [full]


      When I ran



      gpg --verbose --verify SHA256SUMS.gpg SHA256SUMS


      I got



      gpg: armor header: Version: GnuPG v1
      gpg: Signature made 11/29/18 16:27:43 US Mountain Standard Time
      gpg: using DSA key 46181433FBB75451
      gpg: using pgp trust model
      gpg: BAD signature from "Ubuntu CD Image Automatic Signing Key <cdimage@ubuntu.c
      om>" [full]
      gpg: binary signature, digest algorithm SHA512, key algorithm dsa1024
      gpg: Signature made 11/29/18 16:27:43 US Mountain Standard Time
      gpg: using RSA key D94AA3F0EFE21092
      gpg: BAD signature from "Ubuntu CD Image Automatic Signing Key (2012) <cdimage@u
      buntu.com>" [full]
      gpg: binary signature, digest algorithm SHA512, key algorithm rsa4096


      I tried copying the data from SHA256SUMS and SHA256SUMS.gpg tabs over TOR instead, in case it was a local network problem, but no dice either.



      What am I missing here? Is there some way to download the SHA256SUMS and SHA256SUMS.gpg files directly, as opposed to copying the data into a text editor and saving it?



      Any help would be very appreciated. I am very confused and frustrated at this point.







      iso gnupg tor checksums






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Jan 18 at 6:48









      unutbu

      872918




      872918










      asked Jan 17 at 21:42









      ConfusedTortoiseConfusedTortoise

      112




      112






















          2 Answers
          2






          active

          oldest

          votes


















          1














          ostensibly_work over at reddit solved the problem.



          I did not realize that right clicking and selecting "Save Link as" downloads the file directly. With that, the gpg signature checks out.



          Thanks for the help everyone!






          share|improve this answer

































            0














            The key D94AA3F0EFE21092 is correct and is working (although it is not certified)



            The key 46181433FBB75451 is not valid, as the document you mention from help.ubuntu.com says, it is deprecated.



            Download the files from the browser or use some utility.



            The keys in linux work!






            share|improve this answer























              Your Answer








              StackExchange.ready(function() {
              var channelOptions = {
              tags: "".split(" "),
              id: "89"
              };
              initTagRenderer("".split(" "), "".split(" "), channelOptions);

              StackExchange.using("externalEditor", function() {
              // Have to fire editor after snippets, if snippets enabled
              if (StackExchange.settings.snippets.snippetsEnabled) {
              StackExchange.using("snippets", function() {
              createEditor();
              });
              }
              else {
              createEditor();
              }
              });

              function createEditor() {
              StackExchange.prepareEditor({
              heartbeatType: 'answer',
              autoActivateHeartbeat: false,
              convertImagesToLinks: true,
              noModals: true,
              showLowRepImageUploadWarning: true,
              reputationToPostImages: 10,
              bindNavPrevention: true,
              postfix: "",
              imageUploader: {
              brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
              contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
              allowUrls: true
              },
              onDemand: true,
              discardSelector: ".discard-answer"
              ,immediatelyShowMarkdownHelp:true
              });


              }
              });














              draft saved

              draft discarded


















              StackExchange.ready(
              function () {
              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1110673%2fbad-signature-when-trying-to-verify-sha256sums-for-bionic-beaver-iso%23new-answer', 'question_page');
              }
              );

              Post as a guest















              Required, but never shown

























              2 Answers
              2






              active

              oldest

              votes








              2 Answers
              2






              active

              oldest

              votes









              active

              oldest

              votes






              active

              oldest

              votes









              1














              ostensibly_work over at reddit solved the problem.



              I did not realize that right clicking and selecting "Save Link as" downloads the file directly. With that, the gpg signature checks out.



              Thanks for the help everyone!






              share|improve this answer






























                1














                ostensibly_work over at reddit solved the problem.



                I did not realize that right clicking and selecting "Save Link as" downloads the file directly. With that, the gpg signature checks out.



                Thanks for the help everyone!






                share|improve this answer




























                  1












                  1








                  1







                  ostensibly_work over at reddit solved the problem.



                  I did not realize that right clicking and selecting "Save Link as" downloads the file directly. With that, the gpg signature checks out.



                  Thanks for the help everyone!






                  share|improve this answer















                  ostensibly_work over at reddit solved the problem.



                  I did not realize that right clicking and selecting "Save Link as" downloads the file directly. With that, the gpg signature checks out.



                  Thanks for the help everyone!







                  share|improve this answer














                  share|improve this answer



                  share|improve this answer








                  edited Jan 18 at 6:02









                  unutbu

                  872918




                  872918










                  answered Jan 18 at 2:43









                  ConfusedTortoiseConfusedTortoise

                  112




                  112

























                      0














                      The key D94AA3F0EFE21092 is correct and is working (although it is not certified)



                      The key 46181433FBB75451 is not valid, as the document you mention from help.ubuntu.com says, it is deprecated.



                      Download the files from the browser or use some utility.



                      The keys in linux work!






                      share|improve this answer




























                        0














                        The key D94AA3F0EFE21092 is correct and is working (although it is not certified)



                        The key 46181433FBB75451 is not valid, as the document you mention from help.ubuntu.com says, it is deprecated.



                        Download the files from the browser or use some utility.



                        The keys in linux work!






                        share|improve this answer


























                          0












                          0








                          0







                          The key D94AA3F0EFE21092 is correct and is working (although it is not certified)



                          The key 46181433FBB75451 is not valid, as the document you mention from help.ubuntu.com says, it is deprecated.



                          Download the files from the browser or use some utility.



                          The keys in linux work!






                          share|improve this answer













                          The key D94AA3F0EFE21092 is correct and is working (although it is not certified)



                          The key 46181433FBB75451 is not valid, as the document you mention from help.ubuntu.com says, it is deprecated.



                          Download the files from the browser or use some utility.



                          The keys in linux work!







                          share|improve this answer












                          share|improve this answer



                          share|improve this answer










                          answered Jan 18 at 3:17









                          Carlos DagorretCarlos Dagorret

                          519214




                          519214






























                              draft saved

                              draft discarded




















































                              Thanks for contributing an answer to Ask Ubuntu!


                              • Please be sure to answer the question. Provide details and share your research!

                              But avoid



                              • Asking for help, clarification, or responding to other answers.

                              • Making statements based on opinion; back them up with references or personal experience.


                              To learn more, see our tips on writing great answers.




                              draft saved


                              draft discarded














                              StackExchange.ready(
                              function () {
                              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1110673%2fbad-signature-when-trying-to-verify-sha256sums-for-bionic-beaver-iso%23new-answer', 'question_page');
                              }
                              );

                              Post as a guest















                              Required, but never shown





















































                              Required, but never shown














                              Required, but never shown












                              Required, but never shown







                              Required, but never shown

































                              Required, but never shown














                              Required, but never shown












                              Required, but never shown







                              Required, but never shown







                              Popular posts from this blog

                              How to change which sound is reproduced for terminal bell?

                              Can I use Tabulator js library in my java Spring + Thymeleaf project?

                              Title Spacing in Bjornstrup Chapter, Removing Chapter Number From Contents