[issue] Can't Verify PGP

As the title states, I get a different output then listed:

usr@usr:~$ gpg --keyserver keys.gnupg.net --recv 04EF2F666D36C354058B9DD450C78B6F9FF2EC85
gpg: keyring `/home/usr/.gnupg/secring.gpg' created
gpg: keyring `/home/usr/.gnupg/pubring.gpg' created
gpg: requesting key 9FF2EC85 from hkp server keys.gnupg.net
gpg: key 9FF2EC85: public key "HulaHoop" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
usr@usr:~$ gpg --check-sigs "04EF 2F66 6D36 C354 058B 9DD4 50C7 8B6F 9FF2 EC85"
pub   4096R/9FF2EC85 2018-11-26
uid                  HulaHoop
sig!3        9FF2EC85 2018-11-26  HulaHoop
sub   4096R/CEE41ACC 2018-11-26
sig!         9FF2EC85 2018-11-26  HulaHoop

1 signature not checked due to a missing key
usr@usr:~$ 

I’m assuming this is a documentation issue, but want to verify.
Either way, the documentation should be made more clear.

archive [dot] is/1Eq50#Verify_the_Whonix_.E2.84.A2_Images


The documentation says the output should be:

gpg: key 0x50C78B6F9FF2EC85: public key "HulaHoop" imported
gpg: Total number processed: 1
gpg:               imported: 1
pub   rsa4096/0x50C78B6F9FF2EC85 2018-11-26 [SCEA]
      04EF2F666D36C354058B9DD450C78B6F9FF2EC85
uid                   [ unknown] HulaHoop
sig!         0x8D66066A2EEACCDA 2018-12-14  Patrick Schleizer <adrelanos@riseup.net>
sig!3        0x50C78B6F9FF2EC85 2018-11-26  HulaHoop
sub   rsa4096/0xEB27D2F8CEE41ACC 2018-11-26 [SEA]
sig!         0x50C78B6F9FF2EC85 2018-11-26  HulaHoop

gpg: 3 good signatures

The output matches up.

Your output

9FF2EC85

Documentation matches your output. One is a long key id. the other is short.

0x50C78B6F9FF2EC85

0x50C78B6F 9FF2EC85

You still need to Verify the archive with Hulahoop’s key. (step 4)

1 Like

@0brand Thanks!

You may want to consider updating the documentation to reflect this.

Hi fdafdsfdsfdcfdsd1

Its a little late… Welcome to the Whonix community!

When I run steps for verification I get the same output thats on that page.

1 Like

Created [Help Welcome] KVM Development - staying the course - #313 by Patrick for it.

I am having the same issue. I would not care if it verified at the end. What am I missing?

gpg --verify Whonix*.libvirt.xz.asc Whonix*.libvirt.xz

gpg: Signature made Sun 09 Feb 2020 06:37:33 PM PST
gpg: using RSA key 66F46246C900707FF10DC1E4EB27D2F8CEE41ACC
gpg: BAD signature from “HulaHoop” [unknown]

re-download

1 sginature not checked due to a missing key

any idea how to fix that?

gpg usability mess. Need to import the missing key. Which in this case means my key.

1 Like