GPG Error Exercise 01, Chapter 2

Tagged: 

This topic contains 12 replies, has 4 voices, and was last updated by  Schism 1 month, 1 week ago.

  • Author
    Posts
  • #17172

    Brandon
    Participant

    Hi,

    Hope you well.

    I have successfully downloaded the ISO.

    When I try to import the public key via the command:

    wget -q -O – https://www.kali.org/archive-key.asc | gpg –import

    I get:

    gpg:no valid OpenPGP data found

    gpg:Total number processed: 0

    Please advise

    Kind Regards,

  • #17194

    androcodyex
    Participant

    Hello Brandon, add two less symbols before the import and check if it works, greetings

  • #17225

    Brandon
    Participant

    Hi,

    Thank you that worked however now I have a different problem.

    I successfully import the fingerprint with:

    gpg –fingerprint 7D8D0BF6

    However on the following command:

    wget http://cdimage.kali.org/kali-2017.1/SHA256SUMS

    I obviously need to change my filename the full filename is:

    kali.linux-2019.1a-amd64.iso

    So I enter wget http://cdimage.kali.org/kali.linux-2019.1a/SHA256SUMS

    It connects to cdimage.kali.org however it gets a 404 awaiting response nothing found am I doing something wrong ?

    Thanks in advance

  • #17226

    androcodyex
    Participant

    Hi Brandon, try this wget http://cdimage.kali.org/kali-2019.1a/SHA256SUMS

  • #17229

    Brandon
    Participant

    Thank you that worked

    When I try and run shasum -a 1 ./kali-linux-2019.1a-amd64.iso
    49b1c5769b909220060dc4c0e11ae09d97a270a80d259e05773101df62e11e9d ./kali-linux-2019.1a-amd64.iso

    I get the output no such file or directory how come? I am trying to generate and compare hashes

    Note the original command per the book is

    shasum -a 256 ./kali-linux-2017.1-amd64.iso
    49b1c5769b909220060dc4c0e11ae09d97a270a80d259e05773101df62e11e9d ./kali-linux-2017.1-amd64.iso

  • #17231

    androcodyex
    Participant

    Hello Brandon, I recommend that the process of validation and checksum be done in any debian distro, you can also do it in windows, but you should check if the windows system complies with these tools.

    Once you have performed the previous steps successfully, you must make the sum of the iso that I download with the file SHA256SUMS, you must verify that both are equal, try this.

    if you are in a linux system, go to the directory where the iso files are located and the SHA256SUMS that you downloaded and enter:

    shasum -a 256 ./kali-linux-2019.1a-amd64.iso

    That gives you a hash, which you should compare with the hash of the file SHA256SUMS, enter:

    grep kali-linux-2019.1a-amd64.iso SHA256SUMS

    Finally, both hash must agree, in addition to this you can create a script in python to validate both hashes, both generated by the iso, as generated by the SHA256SUMS, in some cases I implement it that way, I hope and help you, Greetings

  • #17347

    Max
    Participant

    Hi Guys,
    I have the same bug when I execute:
    $ wget -q -O – https://www.kali.org/archive-key.asc | gpg –import

    I tried to add two less symbols before import

    $ wget -q -O – https://www.kali.org/archive-key.asc | gpg << –import

    but it doesn’t work. Any suggestions ?

  • #17348

    Max
    Participant

    Another try:
    wget -q -O – https://www.kali.org/archive-key.asc > KaliLinux-archive-key.asc
    gpg –import KaliLinux-archive-key.asc

    Same error:
    gpg: no valid OpenPGP data found.
    gpg: Total number processed: 0

  • #17349

    Max
    Participant

    Ok, I was too tired to deal with syntax mistakes so I stop spending time on wget and pipe. Scripting is not always a good and quickest idea.

    I open the browser, enter the address “https://www.kali.org/archive-key.asc”, copy-paste the content to the KaliLinux.asc text file and then I run a command “gpg –import KaliLinux.asc”. Works fast and smooth.

    gpg: key ED444FF07D8D0BF6: public key “Kali Linux Repository <devel@kali.org>” imported
    gpg: Total number processed: 1
    gpg: imported: 1

    And then a verification:

    gpg –list-keys
    /root/.gnupg/pubring.kbx
    ————————
    pub rsa4096 2012-03-05 [SC] [expires: 2021-02-03]
    44C6513A8E4FB3D30875F758ED444FF07D8D0BF6
    uid [ unknown] Kali Linux Repository <devel@kali.org>
    sub rsa4096 2012-03-05 [E] [expires: 2021-02-03]

    The information [ unknown] worries me a bit but fingerprint looks correct.

  • #17350

    Max
    Participant

    Thats way or another could you tell me how the correct script command should looks like ? 🙂

  • #17351

    Max
    Participant

    And one more case.
    I’ve downloaded SHA256SHUM/gpg files by using wget.
    When I verified it there is a message “Good signature…”
    but next there is a WARNING not mentioned in the chapter. Could you elaborate this as well ?

    gpg –verify SHA256SUMS.gpg SHA256SUMS
    gpg: Signature made Sun 19 May 2019 06:40:02 PM CEST
    gpg: using RSA key 44C6513A8E4FB3D30875F758ED444FF07D8D0BF6
    gpg: Good signature from “Kali Linux Repository <devel@kali.org>” [unknown]
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg: There is no indication that the signature belongs to the owner.
    Primary key fingerprint: 44C6 513A 8E4F B3D3 0875 F758 ED44 4FF0 7D8D 0BF6

  • #17352

    Max
    Participant

    One useful info. If anyone of readers will stuck somewhere then you can delete the keys by using like “gpg –delete-keys 7D8D0BF6” command and start again.

  • #17392

    Schism
    Participant

    had the same output as Max. Understand some of the material may be dated, but the book reads:

    pub rsa4096 2012-03-05 [SC] [expires: 2018-02-02]

    uid [ full ] Kali Linux Repository <devel@kali.org>

    while current Terminal reads:

    pub rsa4096 2012-03-05 [SC] [expires: 2021-02-03]

    uid [ unknown ] Kali Linux Repository <devel@kali.org>

    What is “full” and “unknown”?

You must be logged in to reply to this topic.

Back to Top