LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (https://www.linuxquestions.org/questions/slackware-14/)
-   -   BAD signature ? (https://www.linuxquestions.org/questions/slackware-14/bad-signature-639970/)

brodo 05-05-2008 03:52 AM
BAD signature ?
 
Sorry to bother you but am I missing something or so ?

bash-3.1$ gpg --verify slackware-12.1-install-dvd.iso.asc slackware-12.1-install-dvd.iso.md5
gpg: Signature made Fri 02 May 2008 01:45:50 AM CEST using DSA key ID 40102233
gpg: BAD signature from "Slackware Linux Project <security@slackware.com>"
bash-3.1$ ls -l
total 3959054
drwxrwxrwx 2 aaaa users 296 2008-03-07 01:21 1
-rw-r--r-- 1 aaaa users 580306 2008-05-05 10:39 CHECKSUMS.md5
-rw-r--r-- 1 aaaa users 197 2008-05-05 10:39 CHECKSUMS.md5.asc
-rw-r--r-- 1 aaaa users 197 2008-05-05 10:24 slackware-12.1-install-dvd.iso.asc
-rw-r--r-- 1 aaaa users 4049520640 2008-05-04 13:40 slackware-12.1-install-dvd.iso.iso
-rw-r--r-- 1 aaaa users 65 2008-05-05 10:24 slackware-12.1-install-dvd.iso.md5
bash-3.1$

Alien Bob 05-05-2008 04:29 AM
Just run
Code:
gpg --verify slackware-12.1-install-dvd.iso.asc
Eric

brodo 05-05-2008 04:46 AM
Quote:
Originally Posted by Alien Bob (Post 3143113)
Just run
Code:
gpg --verify slackware-12.1-install-dvd.iso.asc
Eric

Still sth wrong ....:-(..... :

bash-3.1$ gpg --verify slackware-12.1-install-dvd.iso.asc
gpg: no signed data
gpg: can't hash datafile: file open error
bash-3.1$

I've always used 2 arguments following the "gpg --verify" command : the *.asc fingerprint and the examined file.
The content of my directory is:

bash-3.1$ ls -l
total 3959054
drwxrwxrwx 2 aaaa users 296 2008-03-07 01:21 1
-rw-r--r-- 1 aaaa users 580306 2008-05-05 10:39 CHECKSUMS.md5
-rw-r--r-- 1 aaaa users 197 2008-05-05 10:39 CHECKSUMS.md5.asc
-rw-r--r-- 1 aaaa users 197 2008-05-05 10:24 slackware-12.1-install-dvd.iso.asc
-rw-r--r-- 1 aaaa users 4049520640 2008-05-04 13:40 slackware-12.1-install-dvd.iso.iso
-rw-r--r-- 1 aaaa users 65 2008-05-05 10:24 slackware-12.1-install-dvd.iso.md5

Randux 05-05-2008 05:57 AM
mv slackware-12.1-install-dvd.iso.iso slackware-12.1-install-dvd.iso

and try it again

;)

Randux 05-05-2008 06:34 AM
Quote:
Originally Posted by brodo (Post 3143122)
I've always used 2 arguments following the "gpg --verify" command : the *.asc fingerprint and the examined file.
That's not required if the files are named properly. The .asc file is not a fingerprint, it's a digital signature which is created by hashing the file and then encrypting it with your private key. That way, anybody who has your public key can compute the same hash, and then decrypt your hash with your public key and compare it to the hash they calculated on the file itself. They must match, and only the person who has your private key could have created a file you can decrypt with your public key.

Anyway you used:
Code:
gpg --verify slackware-12.1-install-dvd.iso.asc slackware-12.1-install-dvd.iso.md5
which could never work. The second file should have been slackware-12.1-install-dvd.iso.iso but you used .md5 which is just another checksum file.

See my answer in the post above; you should not have created *.iso.iso. If you rename the file as I posted with the mv command you can simply do

gpg --verify slackware-12.1-install-dvd.iso.asc

and all will be well.

brodo 05-05-2008 08:02 AM
My fault.
Of course the slackware*iso.asc file corresponds to the slackware*.iso cd image, not the slackware*iso.md5 file !
As I've always been only verifying CHECKSUMS.md5 against CHECKSUMS.md5.asc I mistakenly thought that slackware*iso.asc is for checking slackware*iso.md5 file..:(

Anyway thanks for the explanation; maybe the sunny spring time was involved in this little mess :)


All times are GMT -5. The time now is 09:39 AM.