gpg - verifying a downloaded iso file
by taylorkh from LinuxQuestions.org on (#5CX8M)
I am running CentOS 7 with gpg installedCode:[ken@taylor20 software]$ gpg --version
gpg (GnuPG) 2.0.22
libgcrypt 1.5.3
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ?, ?, ELG, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2I have downloaded the latest tails OS .iso file and am attempting to verify the file by the instructions on the tails web site https://tails.boum.org/install/dvd-d.../index.en.html
I downloaded the tails-signing.key and have it in the same subdirectory as the .iso and .iso.sig files. Following the instructions I observeCode:[ken@taylor20 software]$ TZ=UTC gpg --no-options --keyid-format long --verify tails-amd64-4.14.iso.sig tails-amd64-4.14.iso
gpg: Signature made Mon 14 Dec 2020 09:59:05 AM UTC
gpg: using ? key 90B2B4BD7AED235F
gpg: Can't check signature: Invalid public key algorithmI suspect that means that my pgp install does not support the algorithm used in the signing key. However, I have no clue as to determine what algorithm is needed nor how to add that capability to my gpg environment. Can anyone assist?
TIA,
Ken
gpg (GnuPG) 2.0.22
libgcrypt 1.5.3
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ?, ?, ELG, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2I have downloaded the latest tails OS .iso file and am attempting to verify the file by the instructions on the tails web site https://tails.boum.org/install/dvd-d.../index.en.html
I downloaded the tails-signing.key and have it in the same subdirectory as the .iso and .iso.sig files. Following the instructions I observeCode:[ken@taylor20 software]$ TZ=UTC gpg --no-options --keyid-format long --verify tails-amd64-4.14.iso.sig tails-amd64-4.14.iso
gpg: Signature made Mon 14 Dec 2020 09:59:05 AM UTC
gpg: using ? key 90B2B4BD7AED235F
gpg: Can't check signature: Invalid public key algorithmI suspect that means that my pgp install does not support the algorithm used in the signing key. However, I have no clue as to determine what algorithm is needed nor how to add that capability to my gpg environment. Can anyone assist?
TIA,
Ken