BAD signature when trying to verify SHA256SUMS for Bionic Beaver ISO
I am attempting to verify my download of Bionic Beaver on Windows 7.
I feel like I am missing something very obvious.
I went to http://releases.ubuntu.com/bionic/ and clicked on both SHA256SUMS and SHA256SUMS.gpg
It seems like this does not download the files, but opens the text in the files in new tabs.
I used Ctrl-A and then copied the text into Notepad, naming the files SHA256SUMS and SHA256SUMS.gpg.
I made sure that windows didn't add any weird extensions when saving.
I manually downloaded both keys I used from https://keyserver.ubuntu.com
, one with fingerprint
C598 6B4F 1257 FFA8 6632 CBA7 4618 1433 FBB7 5451
and the other with fingerprint
8439 38DF 228D 22F7 B374 2BC0 D94A A3F0 EFE2 1092
After I downloaded both keys I certified them with my personal key using Kleopatra, after verifying the key fingerprint with those at help.ubuntu.com.
When I ran
gpg --verify SHA256SUMS.gpg SHA256SUMS
I got
gpg: Signature made 11/29/18 16:27:43 US Mountain Standard Time
gpg: using DSA key 46181433FBB75451
gpg: BAD signature from "Ubuntu CD Image Automatic Signing Key <cdimage@ubuntu.c
om>" [full]
gpg: Signature made 11/29/18 16:27:43 US Mountain Standard Time
gpg: using RSA key D94AA3F0EFE21092
gpg: BAD signature from "Ubuntu CD Image Automatic Signing Key (2012) <cdimage@u
buntu.com>" [full]
When I ran
gpg --verbose --verify SHA256SUMS.gpg SHA256SUMS
I got
gpg: armor header: Version: GnuPG v1
gpg: Signature made 11/29/18 16:27:43 US Mountain Standard Time
gpg: using DSA key 46181433FBB75451
gpg: using pgp trust model
gpg: BAD signature from "Ubuntu CD Image Automatic Signing Key <cdimage@ubuntu.c
om>" [full]
gpg: binary signature, digest algorithm SHA512, key algorithm dsa1024
gpg: Signature made 11/29/18 16:27:43 US Mountain Standard Time
gpg: using RSA key D94AA3F0EFE21092
gpg: BAD signature from "Ubuntu CD Image Automatic Signing Key (2012) <cdimage@u
buntu.com>" [full]
gpg: binary signature, digest algorithm SHA512, key algorithm rsa4096
I tried copying the data from SHA256SUMS and SHA256SUMS.gpg tabs over TOR instead, in case it was a local network problem, but no dice either.
What am I missing here? Is there some way to download the SHA256SUMS and SHA256SUMS.gpg files directly, as opposed to copying the data into a text editor and saving it?
Any help would be very appreciated. I am very confused and frustrated at this point.
iso gnupg tor checksums
add a comment |
I am attempting to verify my download of Bionic Beaver on Windows 7.
I feel like I am missing something very obvious.
I went to http://releases.ubuntu.com/bionic/ and clicked on both SHA256SUMS and SHA256SUMS.gpg
It seems like this does not download the files, but opens the text in the files in new tabs.
I used Ctrl-A and then copied the text into Notepad, naming the files SHA256SUMS and SHA256SUMS.gpg.
I made sure that windows didn't add any weird extensions when saving.
I manually downloaded both keys I used from https://keyserver.ubuntu.com
, one with fingerprint
C598 6B4F 1257 FFA8 6632 CBA7 4618 1433 FBB7 5451
and the other with fingerprint
8439 38DF 228D 22F7 B374 2BC0 D94A A3F0 EFE2 1092
After I downloaded both keys I certified them with my personal key using Kleopatra, after verifying the key fingerprint with those at help.ubuntu.com.
When I ran
gpg --verify SHA256SUMS.gpg SHA256SUMS
I got
gpg: Signature made 11/29/18 16:27:43 US Mountain Standard Time
gpg: using DSA key 46181433FBB75451
gpg: BAD signature from "Ubuntu CD Image Automatic Signing Key <cdimage@ubuntu.c
om>" [full]
gpg: Signature made 11/29/18 16:27:43 US Mountain Standard Time
gpg: using RSA key D94AA3F0EFE21092
gpg: BAD signature from "Ubuntu CD Image Automatic Signing Key (2012) <cdimage@u
buntu.com>" [full]
When I ran
gpg --verbose --verify SHA256SUMS.gpg SHA256SUMS
I got
gpg: armor header: Version: GnuPG v1
gpg: Signature made 11/29/18 16:27:43 US Mountain Standard Time
gpg: using DSA key 46181433FBB75451
gpg: using pgp trust model
gpg: BAD signature from "Ubuntu CD Image Automatic Signing Key <cdimage@ubuntu.c
om>" [full]
gpg: binary signature, digest algorithm SHA512, key algorithm dsa1024
gpg: Signature made 11/29/18 16:27:43 US Mountain Standard Time
gpg: using RSA key D94AA3F0EFE21092
gpg: BAD signature from "Ubuntu CD Image Automatic Signing Key (2012) <cdimage@u
buntu.com>" [full]
gpg: binary signature, digest algorithm SHA512, key algorithm rsa4096
I tried copying the data from SHA256SUMS and SHA256SUMS.gpg tabs over TOR instead, in case it was a local network problem, but no dice either.
What am I missing here? Is there some way to download the SHA256SUMS and SHA256SUMS.gpg files directly, as opposed to copying the data into a text editor and saving it?
Any help would be very appreciated. I am very confused and frustrated at this point.
iso gnupg tor checksums
add a comment |
I am attempting to verify my download of Bionic Beaver on Windows 7.
I feel like I am missing something very obvious.
I went to http://releases.ubuntu.com/bionic/ and clicked on both SHA256SUMS and SHA256SUMS.gpg
It seems like this does not download the files, but opens the text in the files in new tabs.
I used Ctrl-A and then copied the text into Notepad, naming the files SHA256SUMS and SHA256SUMS.gpg.
I made sure that windows didn't add any weird extensions when saving.
I manually downloaded both keys I used from https://keyserver.ubuntu.com
, one with fingerprint
C598 6B4F 1257 FFA8 6632 CBA7 4618 1433 FBB7 5451
and the other with fingerprint
8439 38DF 228D 22F7 B374 2BC0 D94A A3F0 EFE2 1092
After I downloaded both keys I certified them with my personal key using Kleopatra, after verifying the key fingerprint with those at help.ubuntu.com.
When I ran
gpg --verify SHA256SUMS.gpg SHA256SUMS
I got
gpg: Signature made 11/29/18 16:27:43 US Mountain Standard Time
gpg: using DSA key 46181433FBB75451
gpg: BAD signature from "Ubuntu CD Image Automatic Signing Key <cdimage@ubuntu.c
om>" [full]
gpg: Signature made 11/29/18 16:27:43 US Mountain Standard Time
gpg: using RSA key D94AA3F0EFE21092
gpg: BAD signature from "Ubuntu CD Image Automatic Signing Key (2012) <cdimage@u
buntu.com>" [full]
When I ran
gpg --verbose --verify SHA256SUMS.gpg SHA256SUMS
I got
gpg: armor header: Version: GnuPG v1
gpg: Signature made 11/29/18 16:27:43 US Mountain Standard Time
gpg: using DSA key 46181433FBB75451
gpg: using pgp trust model
gpg: BAD signature from "Ubuntu CD Image Automatic Signing Key <cdimage@ubuntu.c
om>" [full]
gpg: binary signature, digest algorithm SHA512, key algorithm dsa1024
gpg: Signature made 11/29/18 16:27:43 US Mountain Standard Time
gpg: using RSA key D94AA3F0EFE21092
gpg: BAD signature from "Ubuntu CD Image Automatic Signing Key (2012) <cdimage@u
buntu.com>" [full]
gpg: binary signature, digest algorithm SHA512, key algorithm rsa4096
I tried copying the data from SHA256SUMS and SHA256SUMS.gpg tabs over TOR instead, in case it was a local network problem, but no dice either.
What am I missing here? Is there some way to download the SHA256SUMS and SHA256SUMS.gpg files directly, as opposed to copying the data into a text editor and saving it?
Any help would be very appreciated. I am very confused and frustrated at this point.
iso gnupg tor checksums
I am attempting to verify my download of Bionic Beaver on Windows 7.
I feel like I am missing something very obvious.
I went to http://releases.ubuntu.com/bionic/ and clicked on both SHA256SUMS and SHA256SUMS.gpg
It seems like this does not download the files, but opens the text in the files in new tabs.
I used Ctrl-A and then copied the text into Notepad, naming the files SHA256SUMS and SHA256SUMS.gpg.
I made sure that windows didn't add any weird extensions when saving.
I manually downloaded both keys I used from https://keyserver.ubuntu.com
, one with fingerprint
C598 6B4F 1257 FFA8 6632 CBA7 4618 1433 FBB7 5451
and the other with fingerprint
8439 38DF 228D 22F7 B374 2BC0 D94A A3F0 EFE2 1092
After I downloaded both keys I certified them with my personal key using Kleopatra, after verifying the key fingerprint with those at help.ubuntu.com.
When I ran
gpg --verify SHA256SUMS.gpg SHA256SUMS
I got
gpg: Signature made 11/29/18 16:27:43 US Mountain Standard Time
gpg: using DSA key 46181433FBB75451
gpg: BAD signature from "Ubuntu CD Image Automatic Signing Key <cdimage@ubuntu.c
om>" [full]
gpg: Signature made 11/29/18 16:27:43 US Mountain Standard Time
gpg: using RSA key D94AA3F0EFE21092
gpg: BAD signature from "Ubuntu CD Image Automatic Signing Key (2012) <cdimage@u
buntu.com>" [full]
When I ran
gpg --verbose --verify SHA256SUMS.gpg SHA256SUMS
I got
gpg: armor header: Version: GnuPG v1
gpg: Signature made 11/29/18 16:27:43 US Mountain Standard Time
gpg: using DSA key 46181433FBB75451
gpg: using pgp trust model
gpg: BAD signature from "Ubuntu CD Image Automatic Signing Key <cdimage@ubuntu.c
om>" [full]
gpg: binary signature, digest algorithm SHA512, key algorithm dsa1024
gpg: Signature made 11/29/18 16:27:43 US Mountain Standard Time
gpg: using RSA key D94AA3F0EFE21092
gpg: BAD signature from "Ubuntu CD Image Automatic Signing Key (2012) <cdimage@u
buntu.com>" [full]
gpg: binary signature, digest algorithm SHA512, key algorithm rsa4096
I tried copying the data from SHA256SUMS and SHA256SUMS.gpg tabs over TOR instead, in case it was a local network problem, but no dice either.
What am I missing here? Is there some way to download the SHA256SUMS and SHA256SUMS.gpg files directly, as opposed to copying the data into a text editor and saving it?
Any help would be very appreciated. I am very confused and frustrated at this point.
iso gnupg tor checksums
iso gnupg tor checksums
edited Jan 18 at 6:48
unutbu
872918
872918
asked Jan 17 at 21:42
ConfusedTortoiseConfusedTortoise
112
112
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
ostensibly_work over at reddit solved the problem.
I did not realize that right clicking and selecting "Save Link as" downloads the file directly. With that, the gpg signature checks out.
Thanks for the help everyone!
add a comment |
The key D94AA3F0EFE21092 is correct and is working (although it is not certified)
The key 46181433FBB75451 is not valid, as the document you mention from help.ubuntu.com says, it is deprecated.
Download the files from the browser or use some utility.
The keys in linux work!
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "89"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1110673%2fbad-signature-when-trying-to-verify-sha256sums-for-bionic-beaver-iso%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
ostensibly_work over at reddit solved the problem.
I did not realize that right clicking and selecting "Save Link as" downloads the file directly. With that, the gpg signature checks out.
Thanks for the help everyone!
add a comment |
ostensibly_work over at reddit solved the problem.
I did not realize that right clicking and selecting "Save Link as" downloads the file directly. With that, the gpg signature checks out.
Thanks for the help everyone!
add a comment |
ostensibly_work over at reddit solved the problem.
I did not realize that right clicking and selecting "Save Link as" downloads the file directly. With that, the gpg signature checks out.
Thanks for the help everyone!
ostensibly_work over at reddit solved the problem.
I did not realize that right clicking and selecting "Save Link as" downloads the file directly. With that, the gpg signature checks out.
Thanks for the help everyone!
edited Jan 18 at 6:02
unutbu
872918
872918
answered Jan 18 at 2:43
ConfusedTortoiseConfusedTortoise
112
112
add a comment |
add a comment |
The key D94AA3F0EFE21092 is correct and is working (although it is not certified)
The key 46181433FBB75451 is not valid, as the document you mention from help.ubuntu.com says, it is deprecated.
Download the files from the browser or use some utility.
The keys in linux work!
add a comment |
The key D94AA3F0EFE21092 is correct and is working (although it is not certified)
The key 46181433FBB75451 is not valid, as the document you mention from help.ubuntu.com says, it is deprecated.
Download the files from the browser or use some utility.
The keys in linux work!
add a comment |
The key D94AA3F0EFE21092 is correct and is working (although it is not certified)
The key 46181433FBB75451 is not valid, as the document you mention from help.ubuntu.com says, it is deprecated.
Download the files from the browser or use some utility.
The keys in linux work!
The key D94AA3F0EFE21092 is correct and is working (although it is not certified)
The key 46181433FBB75451 is not valid, as the document you mention from help.ubuntu.com says, it is deprecated.
Download the files from the browser or use some utility.
The keys in linux work!
answered Jan 18 at 3:17
Carlos DagorretCarlos Dagorret
519214
519214
add a comment |
add a comment |
Thanks for contributing an answer to Ask Ubuntu!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1110673%2fbad-signature-when-trying-to-verify-sha256sums-for-bionic-beaver-iso%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown