gpg: Can't check signature: No public key

Board index

Page 1 of 1 (6 posts)

Tags:

TechnoJunky Registered Member Posts 25 Karma 0 OS	gpg: Can't check signature: No public key Mon Sep 23, 2019 12:38 pm I have Neon installed, and updated to current. I dual boot and Winblows broke. So I need to do some sort of rescue on it and am afraid that when I do, it's going to wipe out my Neon install. So I want to be prepared by having a new install prepared first. I don't recall the download having PGP verification previously. Is there any place with the steps for how to use it listed somewhere? I found some info but I'm not getting what I expect using it. Sha256 shows the same info for the neon-user-20190919-1119.iso that's in neon-user-20190919-1119.sha256sum. But when I run "gpg --verify neon-user-20190919-1119.iso.sig neon-user-20190919-1119.iso", I get: gpg: Signature made Thu 19 Sep 2019 06:40:02 AM CDT gpg: using RSA key DEACEA00075E1D76 gpg: Can't check signature: No public key So I think I'm missing the Public key. Where do I find it? F37 KDE Spin
apachelogger KDE Developer Posts 525 Karma 5 OS	Re: gpg: Can't check signature: No public key Mon Sep 23, 2019 1:20 pm The website tells you the key id https://neon.kde.org/download Annoyed with bbcode since 1999.
TechnoJunky Registered Member Posts 25 Karma 0 OS	Re: gpg: Can't check signature: No public key Mon Sep 23, 2019 2:06 pm That page has 2 links that I can see, besides which Edition of Neon you want. The Download the ISO link and the Download for PGP signature for verification. I downloaded both. That's how i got the neon-user-20190919-1119.iso.sig and neon-user-20190919-1119.iso files. So what's missing? Why does it say there's no Public Key? F37 KDE Spin
apachelogger KDE Developer Posts 525 Karma 5 OS	Re: gpg: Can't check signature: No public key Mon Sep 23, 2019 3:18 pm Annoyed with bbcode since 1999.
TechnoJunky Registered Member Posts 25 Karma 0 OS	Re: gpg: Can't check signature: No public key Mon Sep 23, 2019 7:15 pm Better now. Thanks. Should I be concerned with the red lines? gpg: Signature made Thu 19 Sep 2019 06:40:02 AM CDT gpg: using RSA key DEACEA00075E1D76 gpg: Good signature from "KDE neon ISO Signing Key <neon@kde.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 348C 8651 2066 33FD 983A 8FC4 DEAC EA00 075E 1D76 F37 KDE Spin
apachelogger KDE Developer Posts 525 Karma 5 OS	Re: gpg: Can't check signature: No public key Tue Sep 24, 2019 8:51 am Yes and no, gpg is just pointing out that you don't know this key so it cannot be 100% certain of the authenticity of the file-key combo. Since you obtained the key's id from the https'd website though and it is actually the key the ISO was signed with you can now be fairly certain of the authenticity based on the context. Context gpg doesn't know about, hence the warning. Annoyed with bbcode since 1999.