Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2025-01-12 07:49:29 -05:00
Code Issues Packages Projects Releases Wiki Activity

Fix headings

Browse Source 
See https://github.com/QubesOS/qubes-doc/pull/1180#issuecomment-883103461
This commit is contained in:
Andrew David Wong 2021-07-19 23:15:52 -07:00
parent 649babd88c
commit 161ef060eb
No known key found for this signature in database
GPG Key ID: 8CE137352A019A17
1 changed files with 5 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
project-security/verifying-signatures.md
View File

@ -575,13 +575,11 @@ Your working directory does not contain the required files. Go back and follow
the instructions more carefully, making sure that you put all required files in the instructions more carefully, making sure that you put all required files in
the same directory *and* navigate to that directory. the same directory *and* navigate to that directory.
### Why am I getting "can't open signed data `Qubes-RX-x86_64.iso' / can't hash ### Why am I getting "can't open signed data `Qubes-RX-x86_64.iso' / can't hash datafile: file open error"?
datafile: file open error"?
The correct ISO is not in your working directory. The correct ISO is not in your working directory.
### Why am I getting "can't open `Qubes-RX-x86_64.iso.asc' / verify signatures ### Why am I getting "can't open `Qubes-RX-x86_64.iso.asc' / verify signatures failed: file open error"?
failed: file open error"?
The correct [signature file](#3-verify-your-qubes-iso) is not in your working The correct [signature file](#3-verify-your-qubes-iso) is not in your working
directory. directory.
@ -592,8 +590,7 @@ Either you don't have the correct [signature file](#3-verify-your-qubes-iso),
or you inverted the arguments to `gpg2`. ([The signature file goes or you inverted the arguments to `gpg2`. ([The signature file goes
first.](#3-verify-your-qubes-iso)) first.](#3-verify-your-qubes-iso))
### Why am I getting "WARNING: This key is not certified with a trusted ### Why am I getting "WARNING: This key is not certified with a trusted signature! There is no indication that the signature belongs to the owner."?
signature! There is no indication that the signature belongs to the owner."?
Either you don't have the [Qubes Master Signing Either you don't have the [Qubes Master Signing
Key](#1-get-the-qubes-master-signing-key-and-verify-its-authenticity), or you Key](#1-get-the-qubes-master-signing-key-and-verify-its-authenticity), or you
@ -608,8 +605,7 @@ Signing Key](#1-get-the-qubes-master-signing-key-and-verify-its-authenticity)
and the [Release Signing Key](#2-get-the-release-signing-key) for your Qubes and the [Release Signing Key](#2-get-the-release-signing-key) for your Qubes
version. version.
### Why am I seeing additional signatures on a key with "[User ID not found]" ### Why am I seeing additional signatures on a key with "[User ID not found]" or from a revoked key?
or from a revoked key?
This is just a basic part of how OpenPGP works. Anyone can sign anyone else's This is just a basic part of how OpenPGP works. Anyone can sign anyone else's
public key and upload the signed public key to keyservers. Everyone is also public key and upload the signed public key to keyservers. Everyone is also
@ -633,9 +629,7 @@ You're not verifying against the correct [signature
file](#3-verify-your-qubes-iso), or the signature file has been modified. Try file](#3-verify-your-qubes-iso), or the signature file has been modified. Try
downloading it again or from a different source. downloading it again or from a different source.
### Do I have to verify the ISO against both the [signature ### Do I have to verify the ISO against both the [signature file](#3-verify-your-qubes-iso) and the [digest file](#how-to-verify-qubes-iso-digests)?
file](#3-verify-your-qubes-iso) and the [digest
file](#how-to-verify-qubes-iso-digests)?
No, either method is sufficient by itself. No, either method is sufficient by itself.