On Thu, Oct 2, 2014 at 12:59 PM, <[email protected]> wrote:
> I'm not sure if I've verified the Tails key correctly. I've attached an > image file in the email attachment to show you my results. When I tried to > decrypt/verify the tails-signing.key file, the results said that no > signatures are found. > > According to your instructions on > https://tails.boum.org/download/index.en.html, I am supposed to see this > warning as a way to verify the signature: > > "Not enough information to check the signature validity. > Signed on ... by [email protected] (Key ID: 0xBE2CD9C1 > The validity of the signature cannot be verified." > > The above warning is not the same as the warning I received in the > verification results, which is why I don't know if did everything right. > You are using gpg4win Kleopatra and the Tails signing key as your input file which is not correct. Also there is no level of trust (I think) for a newly imported signing key which is why even if you do it correctly in gpg or kleopatra it is going to have a warning. In kleopatra you might need to sign the tails signing key with your key if you have one, and I don't know if even that is enough. It's easier to use gpg I think. Assuming you have followed the warnings for obtaining the signing key do this: gpg --import tails-signing.key gpg --verify tails-i386-1.1.2.iso.sig gpg: Signature made 09/24/14 17:52:10 Eastern Daylight Time using RSA key ID BE2CD9C1 gpg: Good signature from "Tails developers (signing key) <[email protected]>" [unknown] gpg: aka "T(A)ILS developers (signing key) <[email protected]>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 0D24 B36A A9A2 A651 7878 7645 1202 821C BE2C D9C1
_______________________________________________ tails-support mailing list [email protected] https://mailman.boum.org/listinfo/tails-support To unsubscribe from this list, send an empty email to [email protected].
