-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
(reported first in the forums by benbullard79)
See:
cer@Telcontar:/data/storage_b/Isos/isos_12.2> gpg --verify openSUSE-DVD-Build0050-x86_64.iso.sig openSUSE-DVD-Build0050-x86_64.iso
gpg: Signature made 2012-07-11T15:08:33 CEST using RSA key ID 3DBDC284
gpg: Can't check signature: No public key
So get the key:
cer@Telcontar:/data/storage_b/Isos/isos_12.2> gpg --recv-key 3DBDC284
gpg: requesting key 3DBDC284 from hkp server pgp.mit.edu
gpg: key 3DBDC284: public key "openSUSE Project Signing Key " imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
So verify the ISO:
cer@Telcontar:/data/storage_b/Isos/isos_12.2> gpg --verify
openSUSE-DVD-Build0050-x86_64.iso.sig openSUSE-DVD-Build0050-x86_64.iso
gpg: Signature made 2012-07-11T15:08:33 CEST using RSA key ID 3DBDC284
gpg: Good signature from "openSUSE Project Signing Key "
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 22C0 7BA5 3417 8CD0 2EFE 22AA B88B 2FD4 3DBD C284
However, the documentation at http://software.opensuse.org/developer/en
says:
+++··············
gpg signature offers the most security as you can verify who signed it. It
should be 4E98 E675 19D9 8DC7 362A 5990 E3A5 C360 307E 3D54.
··············++-
The fingerprint does not match.
Is the documentation wrong, or has the ISO been signed with the wrong key?
- --
Cheers,
Carlos E. R.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
iEYEARECAAYFAlAAzowACgkQtTMYHG2NR9UfEQCcDPebL6BiphmkUywt2S22xLIm
QkAAnRQ3dnh2qbEVUqILdjvIj5O2I7pC
=E3Ly
-----END PGP SIGNATURE-----