On Tue, Nov 15, 2022 at 12:22 PM Thomas George <debianl...@mailfence.com> wrote: > > Close, almost there. At the end something goes wrong. Here is the output: > > gpg2 keyserver keyring.debian.org --recv DF98...BE9B > > gpg: /root/.gnupg/trustdb.gpg: trust.db created > > gpg: key DA87E80D6294BE9B: public key "Debian CD signing key > <debian...@lists.debian.org>" imported > > gpg: Total number processed: 1 > > gpg: Imported: 1 > > gpg2 --verify SHA512SUMS.sign SHA512SUMS > > gpg: Signature made Sat 10 Oct 07:00:08 PM EDT > > ..........using RSA key DF9B9C49EAA9298432589D76DA87E80D6294BE9B > > gpg: Good signature from "Debian CD signing key > <debian...@lists.debian.org>" [unknown] > > ...gpg: WARNING: This key is not certified with a trusted signature! > > ......There is no indication that the signature belongs to the owner > > ...Primary key fingerprint: DF9B9C49EAA9298432589D76DA87E80D6294BE9B > > gpg2 --verify SHA512SUMS.sign debian-11.5.0-amd64-netinst.iso > > ...gpg: Signature made Sat 10 Oct 07:00:08 PM EDT > > ...gpg: using RSA DF9B9C49EAA9298432589D76DA87E80D6294BE9B > > ...gpg: BAD signature from "Debian CD signing key > <debain...@lists.debian.org>" [unknown]
It sounds a lot like https://askubuntu.com/q/1110673 and https://forums.linuxmint.com/viewtopic.php?t=293108 . Jeff