Hi. Despite being a technical person, I never seem to be able to understand the authentication instructions for downloaded files. One concern I have is that the shasum files cannot be downloaded and therefore the contents have to be cut and pasted - surely this leads to errors. Please see below my attempt at this. The instructions do not mention what to do if you get the message "no ultimately trusted keys found" The initial checksum check produces a correct answer. I downloaded two identical files from different mirrors at different times and did a diff and they are identical. So is this OK or not? If not what do I do now?
mntuser@INSP530 ~/Desktop/LMDE ISO $ sha256sum -b *.iso
f5bd84c2fe3c097c1f969f9b842b3e7b575be7a6515d9c41b1554941c1598a4d *lmde-2-201701-cinnamon-64bit.iso
mntuser@INSP530 ~/Desktop/LMDE ISO $ gpg --keyserver keyserver.ubuntu.com --recv-key "27DE B156 44C6 B3CF 3BD7 D291 300F 846B A25B AE09"
gpg: requesting key A25BAE09 from hkp server keyserver.ubuntu.com
gpg: key A25BAE09: public key "Linux Mint ISO Signing Key <root@linuxmint.com>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
mntuser@INSP530 ~/Desktop/LMDE ISO $ gpg --keyserver keyserver.ubuntu.com --recv-key A25BAE09
gpg: requesting key A25BAE09 from hkp server keyserver.ubuntu.com
gpg: key A25BAE09: "Linux Mint ISO Signing Key <root@linuxmint.com>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
mntuser@INSP530 ~/Desktop/LMDE ISO $ gpg --list-key --with-fingerprint A25BAE09
pub 4096R/A25BAE09 2016-06-07
Key fingerprint = 27DE B156 44C6 B3CF 3BD7 D291 300F 846B A25B AE09
uid Linux Mint ISO Signing Key <root@linuxmint.com>
mntuser@INSP530 ~/Desktop/LMDE ISO $ gpg --verify sha256sum.txt.gpg sha256sum.txt
gpg: Signature made Fri 10 Mar 2017 19:36:25 GMT using RSA key ID A25BAE09
gpg: BAD signature from "Linux Mint ISO Signing Key <root@linuxmint.com>"
mntuser@INSP530 ~/Desktop/LMDE ISO $ gpg --verify sha256sum.txt.gpg sha256sum.txt
gpg: Signature made Fri 10 Mar 2017 19:36:25 GMT using RSA key ID A25BAE09
gpg: BAD signature from "Linux Mint ISO Signing Key <root@linuxmint.com>"
mntuser@INSP530 ~/Desktop/LMDE ISO $ ls -l
total 1479308
-rw------- 1 mntuser mntuser 1514799104 Mar 16 16:47 lmde-2-201701-cinnamon-64bit.iso
-rw-r--r-- 1 mntuser mntuser 777 Mar 21 21:03 sha256sum.txt
-rw-r--r-- 1 mntuser mntuser 820 Mar 21 21:01 sha256sum.txt.gpg
mntuser@INSP530 ~/Desktop/LMDE ISO $
Authentication issue with LMDE2
Forum rules
LMDE 2 has reached end of support as of 1-1-2019
LMDE 2 has reached end of support as of 1-1-2019
-
- Level 3
- Posts: 111
- Joined: Tue Jun 03, 2008 1:03 pm
Authentication issue with LMDE2
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Re: Authentication isssue with LMDE2
f5bd84c2fe3c097c1f969f9b842b3e7b575be7a6515d9c41b1554941c1598a4d *lmde-2-201701-cinnamon-64bit.iso
Looks like you have a match !
Ref: ftp://ftp.heanet.ie/pub/linuxmint.com/d ... 256sum.txt
-
- Level 3
- Posts: 111
- Joined: Tue Jun 03, 2008 1:03 pm
Re: Authentication isssue with LMDE2
Hi - yes but the signature is bad. So which method wins?
-
- Level 3
- Posts: 111
- Joined: Tue Jun 03, 2008 1:03 pm
Re: Authentication issue with LMDE2
I have done this check again today re-copying the sha256sum.txt.gpg file, and although the integrity is OK - I am quite clearly getting a bad signature. So now I can't install this. Is anyone going to fix this or am I raising this in the wrong board?:
mntuser@INSP530 ~/Desktop/LMDE ISO $ sha256sum -b *.iso
f5bd84c2fe3c097c1f969f9b842b3e7b575be7a6515d9c41b1554941c1598a4d *lmde-2-201701-cinnamon-64bit.iso
mntuser@INSP530 ~/Desktop/LMDE ISO $ gpg --keyserver keyserver.ubuntu.com --recv-key "27DE B156 44C6 B3CF 3BD7 D291 300F 846B A25B AE09"
gpg: requesting key A25BAE09 from hkp server keyserver.ubuntu.com
gpg: key A25BAE09: "Linux Mint ISO Signing Key <root@linuxmint.com>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
mntuser@INSP530 ~/Desktop/LMDE ISO $ gpg --verify sha256sum.txt.gpg sha256sum.txt
gpg: Signature made Fri 10 Mar 2017 19:36:25 GMT using RSA key ID A25BAE09
gpg: BAD signature from "Linux Mint ISO Signing Key <root@linuxmint.com>"
mntuser@INSP530 ~/Desktop/LMDE ISO $ gpg --verify sha256sum.txt.gpg sha256sum.txt
gpg: Signature made Fri 10 Mar 2017 19:36:25 GMT using RSA key ID A25BAE09
gpg: BAD signature from "Linux Mint ISO Signing Key <root@linuxmint.com>"
mntuser@INSP530 ~/Desktop/LMDE ISO $
mntuser@INSP530 ~/Desktop/LMDE ISO $ sha256sum -b *.iso
f5bd84c2fe3c097c1f969f9b842b3e7b575be7a6515d9c41b1554941c1598a4d *lmde-2-201701-cinnamon-64bit.iso
mntuser@INSP530 ~/Desktop/LMDE ISO $ gpg --keyserver keyserver.ubuntu.com --recv-key "27DE B156 44C6 B3CF 3BD7 D291 300F 846B A25B AE09"
gpg: requesting key A25BAE09 from hkp server keyserver.ubuntu.com
gpg: key A25BAE09: "Linux Mint ISO Signing Key <root@linuxmint.com>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
mntuser@INSP530 ~/Desktop/LMDE ISO $ gpg --verify sha256sum.txt.gpg sha256sum.txt
gpg: Signature made Fri 10 Mar 2017 19:36:25 GMT using RSA key ID A25BAE09
gpg: BAD signature from "Linux Mint ISO Signing Key <root@linuxmint.com>"
mntuser@INSP530 ~/Desktop/LMDE ISO $ gpg --verify sha256sum.txt.gpg sha256sum.txt
gpg: Signature made Fri 10 Mar 2017 19:36:25 GMT using RSA key ID A25BAE09
gpg: BAD signature from "Linux Mint ISO Signing Key <root@linuxmint.com>"
mntuser@INSP530 ~/Desktop/LMDE ISO $
- Fred Barclay
- Level 12
- Posts: 4185
- Joined: Sat Sep 13, 2014 11:12 am
- Location: USA primarily
Re: Authentication issue with LMDE2
That's a good call on your part and better than what we sometimes see here.Bobo-the-Cat wrote:So now I can't install this.
I think you might be using the wrong GPG key, though. For the old LMDE 2 images, Clem signed 'em with a key with this fingerprint: A25BAE09.
Perhaps he's used the same key for the new images?
(https://fred-barclay.github.io/VerifyLinuxMint/)
Could you try this?
Code: Select all
gpg --keyserver keyserver.ubuntu.com --recv-key "E1A3 8B8F 1446 75D0 60EA 666F 3EE6 7F3D 0FF4 05B2"
gpg --verify sha256sum.txt.gpg sha256sum.txt
-
- Level 3
- Posts: 111
- Joined: Tue Jun 03, 2008 1:03 pm
Re: Authentication issue with LMDE2
Fred, Thanks. I believe I used the new 2017 ISO and the new authenticity checking files. The output from your suggestion is:
mntuser@INSP530 ~/Desktop/LMDE ISO $ gpg --keyserver keyserver.ubuntu.com --recv-key "E1A3 8B8F 1446 75D0 60EA 666F 3EE6 7F3D 0FF4 05B2"
gpg: requesting key 0FF405B2 from hkp server keyserver.ubuntu.com
gpg: key 0FF405B2: "Clement Lefebvre (Linux Mint Package Repository v1) <root@linuxmint.com>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
mntuser@INSP530 ~/Desktop/LMDE ISO $ gpg --verify sha256sum.txt.gpg sha256sum.txt
gpg: Signature made Fri 10 Mar 2017 19:36:25 GMT using RSA key ID A25BAE09
gpg: BAD signature from "Linux Mint ISO Signing Key <root@linuxmint.com>"
mntuser@INSP530 ~/Desktop/LMDE ISO $
mntuser@INSP530 ~/Desktop/LMDE ISO $ gpg --keyserver keyserver.ubuntu.com --recv-key "E1A3 8B8F 1446 75D0 60EA 666F 3EE6 7F3D 0FF4 05B2"
gpg: requesting key 0FF405B2 from hkp server keyserver.ubuntu.com
gpg: key 0FF405B2: "Clement Lefebvre (Linux Mint Package Repository v1) <root@linuxmint.com>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
mntuser@INSP530 ~/Desktop/LMDE ISO $ gpg --verify sha256sum.txt.gpg sha256sum.txt
gpg: Signature made Fri 10 Mar 2017 19:36:25 GMT using RSA key ID A25BAE09
gpg: BAD signature from "Linux Mint ISO Signing Key <root@linuxmint.com>"
mntuser@INSP530 ~/Desktop/LMDE ISO $
Re: Authentication issue with LMDE2
Your commands look correct but you didn't mention where you got the sha256 sums.
The files on heanet match the signature.
Code: Select all
clem@xxx ~/TEST $ wget https://ftp.heanet.ie/mirrors/linuxmint.com/debian/sha256sum.txt
--2017-03-30 01:23:24-- https://ftp.heanet.ie/mirrors/linuxmint.com/debian/sha256sum.txt
Resolving ftp.heanet.ie (ftp.heanet.ie)... 193.1.193.64, 2001:770:18:aa40::c101:c140
Connecting to ftp.heanet.ie (ftp.heanet.ie)|193.1.193.64|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 776 [text/plain]
Saving to: 'sha256sum.txt'
sha256sum.txt 100%[===============================================================>] 776 --.-KB/s in 0s
2017-03-30 01:23:25 (90.0 MB/s) - 'sha256sum.txt' saved [776/776]
clem@xxx ~/TEST $ wget https://ftp.heanet.ie/mirrors/linuxmint.com/debian/sha256sum.txt.gpg
--2017-03-30 01:23:31-- https://ftp.heanet.ie/mirrors/linuxmint.com/debian/sha256sum.txt.gpg
Resolving ftp.heanet.ie (ftp.heanet.ie)... 193.1.193.64, 2001:770:18:aa40::c101:c140
Connecting to ftp.heanet.ie (ftp.heanet.ie)|193.1.193.64|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 819 [text/plain]
Saving to: 'sha256sum.txt.gpg'
sha256sum.txt.gpg 100%[===============================================================>] 819 --.-KB/s in 0s
2017-03-30 01:23:31 (79.9 MB/s) - 'sha256sum.txt.gpg' saved [819/819]
clem@xxx ~/TEST $ gpg --keyserver keyserver.ubuntu.com --recv-key "27DE B156 44C6 B3CF 3BD7 D291 300F 846B A25B AE09"
gpg: requesting key A25BAE09 from hkp server keyserver.ubuntu.com
gpg: key A25BAE09: "Linux Mint ISO Signing Key <root@linuxmint.com>" 14 new signatures
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: new signatures: 14
clem@xxx ~/TEST $
clem@xxx ~/TEST $ gpg --list-key --with-fingerprint A25BAE09
pub 4096R/A25BAE09 2016-06-07
Key fingerprint = 27DE B156 44C6 B3CF 3BD7 D291 300F 846B A25B AE09
uid Linux Mint ISO Signing Key <root@linuxmint.com>
clem@xxx ~/TEST $ gpg --verify sha256sum.txt.gpg sha256sum.txt
gpg: Signature made Fri Mar 10 19:36:25 2017 GMT using RSA key ID A25BAE09
gpg: Good signature from "Linux Mint ISO Signing Key <root@linuxmint.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 27DE B156 44C6 B3CF 3BD7 D291 300F 846B A25B AE09
-
- Level 3
- Posts: 111
- Joined: Tue Jun 03, 2008 1:03 pm
Re: Authentication issue with LMDE2
Hi Clem. I got the sums from the following link on the Linux Mint site:
1.https://www.linuxmint.com/edition.php?id=233
2. Click on "Don't forget to verify your ISO"
3. https://linuxmint.com/verify.php is displayed
4. Select LMDE button
5.Page with "How to verify ISO images is displayed" (same URL)
6. Click on each of the 2 "sha" file links - then cut and paste contents to files in the ISO directory I have created along with the ISO itself - which has already been downloaded
I have now tried from heanet and finally got a good signature - so the issue appears to be with the one that I was copying from the web page ( see link above). Thanks for your help.
1.https://www.linuxmint.com/edition.php?id=233
2. Click on "Don't forget to verify your ISO"
3. https://linuxmint.com/verify.php is displayed
4. Select LMDE button
5.Page with "How to verify ISO images is displayed" (same URL)
6. Click on each of the 2 "sha" file links - then cut and paste contents to files in the ISO directory I have created along with the ISO itself - which has already been downloaded
I have now tried from heanet and finally got a good signature - so the issue appears to be with the one that I was copying from the web page ( see link above). Thanks for your help.
Re: Authentication issue with LMDE2
Cool. The page links to Heanet as well.
The issue might have been with the cut-n-paste. It's better to download the file (right-click -> download) or copy the link and wget it.
The issue might have been with the cut-n-paste. It's better to download the file (right-click -> download) or copy the link and wget it.