Hi, cybertat...@gmail.com wrote: > gpg: WARNING: This key is not certified with a trusted signature!
That's normal. The concept of a "web of trust" suffers from the fact that most people which i know good enough to trust them in general have no idea of PGP and thus are not really trustworthy in special. https://en.wikipedia.org/wiki/Web_of_trust The best verification you can get outside the web of trust is the key fingerprint which must match one of the published fingerprints on https://www.debian.org/CD/verify I deem them trustworthy because they did not change in years. (Cryptographers might object that old keys are poor keys. But they will also be right with telling you that cryptography is a minefield and thus amateurs like us should stay away from it.) > And can you explain to me what is it, please? > $ alias | grep sha > alias sha1='/usr/bin/openssl dgst -sha1 ' > alias sha256='/usr/bin/openssl dgst -sha256 ' > alias sha512='/usr/bin/openssl dgst -sha512 ' Shell commands "sha1", "sha256", and "sha512" were somewhere defined to actually be runs of program /usr/bin/openssl with the checksum algorithms given by the command names. Usually people get told to use shell commands "sha256sum" and "sha512sum" which are supposed to run the programs /usr/bin/sha256sum and /usr/bin/sha512sum from package "coreutils". In order to find out from where the "alias" definitions stem, you will have to check the startup scripts of your shell. Like ~/.bashrc . Have a nice day :) Thomas
