How can I verify that my latest KDE neon iso file is downloaded correctly.
I can verify other distros by calculating and comparing a provided hash sum but in the case of KDE neon I didn't get one.
Instead I got the following:

ISO https://files.kde.org/neon/images/user/20200813-1119/neon-user-20200813-1119.iso
PGP https://files.kde.org/neon/images/user/20200813-1119/neon-user-20200813-1119.iso.sig
GPG https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xDEACEA00075E1D76
From the download page.

Please provide me with simple steps and commands to verify kde neon iso file.
Thanks.

From the https://neon.kde.org/download page where the text:

GPG signatures signed by KDE neon ISO Signing Key (0xDEACEA00075E1D76) are available alongside the ISOs for verification.

I followed https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xDEACEA00075E1D76
and saved the content into a text file publickey.gpg

Then executed the command:

Code: Select all

gpg --import publickey.gpg

Code: Select all

dev@ProBook:~/Downloads $ gpg --import publickey.gpg             
gpg: key DEACEA00075E1D76: 1 duplicate signature removed
gpg: key DEACEA00075E1D76: 9 signatures not checked due to missing keys
gpg: key DEACEA00075E1D76: public key "KDE neon ISO Signing Key <neon@kde.org>" imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg: no ultimately trusted keys found

After that I executed

Code: Select all

gpg --verify neon-user-20200813-1119.iso.sig

With both the .sig and .iso files in same directory.

Code: Select all

dev@ProBook:~/Downloads $ gpg --verify neon-user-20200813-1119.iso.sig                           
gpg: assuming signed data in 'neon-user-20200813-1119.iso'
gpg: Signature made �� 16:40:21 PKT �� 13 �������� 2020
gpg:                using RSA key 348C8651206633FD983A8FC4DEACEA00075E1D76
gpg: Good signature from "KDE neon ISO Signing Key <neon@kde.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 348C 8651 2066 33FD 983A  8FC4 DEAC EA00 075E 1D76

Code: Select all

gpg

and

Code: Select all

gpg2

both worked the same.

Code: Select all

--verify

flag is important.

Thanks, I didn't know what to do but this worked for me.

baharalidurrani wrote:How can I verify that my latest KDE neon iso file is downloaded correctly.
I can verify other distros by calculating and comparing a provided hash sum but in the case of KDE neon I didn't get one.
Instead I got the following:

ISO https://files.kde.org/neon/images/user/20200813-1119/neon-user-20200813-1119.iso
PGP https://files.kde.org/neon/images/user/20200813-1119/neon-user-20200813-1119.iso.sig
GPG https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xDEACEA00075E1D76
From the download page.

Please provide me with simple steps and commands to verify kde neon iso file.
Thanks.

Do you happens to have this signature with you?

Hi, I'm having similar issues in verifying the iso using a signature, I'm sure it is lack of ability on my part. Most good bit torrent software and USB writers offer SHA256 or MD5 checking, is it not possible for KDE neon to be provided with these as verification methods rather than the use of the signature? Thanks. I did find the SHA256 on the mirror page and I was able to verify the latest ISO, it would be more convenient to have it SHA256 on the main page for people with less terminal skills such as myself, thanks again.