Page 1 of 1

LMDE3 BAD signature

Posted: Sat Mar 16, 2019 8:58 pm
by minty_deb_dev
Hey everyone. I'm sure I'm doing something dumb here but I can't figure out what it is.

I'm trying to verify my LMDE 3 64 bit ISO. I've torrented the ISO and I was able to successfully verify the sha256sum based on the file found here ... 256sum.txt. My issue is with verifying the integrity of the sha256sum.txt with gpg with the signature found here ... um.txt.gpg.

The output of running gpg --verify sha256sum.txt.gpg sha256sum.txt:

Code: Select all

gpg: Signature made Mon Dec  3 08:26:55 2018 EST
gpg:                using RSA key 27DEB15644C6B3CF3BD7D291300F846BA25BAE09
gpg: BAD signature from "Linux Mint ISO Signing Key <>" [unknown]
This RSA key is the same as is published here

I don't know why I'm unable to verify the the integrity of sha256sum.txt

I'm currently running on MacOS Mojave 10.14.1, and I had to use brew to install wget and gpg.
I've tried downloading the files with both curl and wget and I'm met with the same result; BAD signature.
I'm sure I've messed something up in the process. If y'all have any idea I would really appreciate some help.

Thank you for your time reading and responding to this post.

Re: LMDE3 BAD signature

Posted: Sun Mar 17, 2019 2:06 am
by gm10
Please follow the instructions on for the LMDE edition, and that includes downloading the .gpg file from there (you got the wrong one).

Re: LMDE3 BAD signature

Posted: Sun Mar 17, 2019 9:33 am
by minty_deb_dev
Wow I knew I was doing something dumb. Thank you so much.

I'm not sure how I managed to grab the right sha256sum.txt and the wrong gpg.

I was able to get a good signature.
Thank you for your help.