On Fri, 2015-09-04 at 11:43 +0200, cagsm wrote:
hi there, wanted to check the bran nu leap milestone2 iso and the directory comes with a pgp message that has the sha256 sum inside.
the sha256 inside the pgp message and the .iso's sha256 are the same so it seems legit only question remains how do i make sense of the pgp message itself.
i somehow cannot gpg --verify filename.sha256 as it tells me there is no public key.
gpg --verify openSUSE-42.1-DVD-x86_64-Build0148-Media.iso.sha256 gpg: Signature made Thu 03 Sep 2015 01:24:38 PM CEST using RSA key ID 3DBDC284 gpg: Good signature from "openSUSE Project Signing Key < opensuse@opensuse.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 22C0 7BA5 3417 8CD0 2EFE 22AA B88B 2FD4 3DBD C284
Of course this requires that you have the public key 3DBDC284 available in your keyring. You can get the key from the PGP infrastructure, using: gpg --recv-keys 3DBDC284 Cheers, Dominique -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org