Discussion:
Did I verify Tails correctly?
(too old to reply)
megamindyourbusiness02-ruvOiOuSH0dWk0Htik3J/
2014-10-02 16:59:53 UTC
Permalink
I'm not sure if I've verified the Tails key correctly. I've attached an
image file in the email attachment to show you my results. When I tried to
decrypt/verify the tails-signing.key file, the results said that no
signatures are found.

According to your instructions on
https://tails.boum.org/download/index.en.html, I am supposed to see this
warning as a way to verify the signature:

"Not enough information to check the signature validity.
Signed on ... by tails-***@public.gmane.org (Key ID: 0xBE2CD9C1
The validity of the signature cannot be verified."

The above warning is not the same as the warning I received in the
verification results, which is why I don't know if did everything right.
Soul Plane
2014-10-02 19:34:23 UTC
Permalink
Post by megamindyourbusiness02-ruvOiOuSH0dWk0Htik3J/
I'm not sure if I've verified the Tails key correctly. I've attached an
image file in the email attachment to show you my results. When I tried to
decrypt/verify the tails-signing.key file, the results said that no
signatures are found.
According to your instructions on
https://tails.boum.org/download/index.en.html, I am supposed to see this
"Not enough information to check the signature validity.
The validity of the signature cannot be verified."
The above warning is not the same as the warning I received in the
verification results, which is why I don't know if did everything right.
You are using gpg4win Kleopatra and the Tails signing key as your input
file which is not correct. Also there is no level of trust (I think) for a
newly imported signing key which is why even if you do it correctly in gpg
or kleopatra it is going to have a warning. In kleopatra you might need to
sign the tails signing key with your key if you have one, and I don't know
if even that is enough. It's easier to use gpg I think. Assuming you have
followed the warnings for obtaining the signing key do this:

gpg --import tails-signing.key
gpg --verify tails-i386-1.1.2.iso.sig
gpg: Signature made 09/24/14 17:52:10 Eastern Daylight Time using RSA key
ID BE2CD9C1
gpg: Good signature from "Tails developers (signing key) <tails-***@public.gmane.org>"
[unknown]
gpg: aka "T(A)ILS developers (signing key) <amnesia-***@public.gmane.org>"
[unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the
owner.
Primary key fingerprint: 0D24 B36A A9A2 A651 7878 7645 1202 821C BE2C D9C1
Loading...