GPG Error Exercise 01, Chapter 2


Viewing 13 reply threads
  • Author
    • #17172


      Hope you well.

      I have successfully downloaded the ISO.

      When I try to import the public key via the command:

      wget -q -O – | gpg –import

      I get:

      gpg:no valid OpenPGP data found

      gpg:Total number processed: 0

      Please advise

      Kind Regards,

    • #17194

      Hello Brandon, add two less symbols before the import and check if it works, greetings

    • #17225


      Thank you that worked however now I have a different problem.

      I successfully import the fingerprint with:

      gpg –fingerprint 7D8D0BF6

      However on the following command:


      I obviously need to change my filename the full filename is:


      So I enter wget

      It connects to however it gets a 404 awaiting response nothing found am I doing something wrong ?

      Thanks in advance

    • #17226
    • #17229

      Thank you that worked

      When I try and run shasum -a 1 ./kali-linux-2019.1a-amd64.iso
      49b1c5769b909220060dc4c0e11ae09d97a270a80d259e05773101df62e11e9d ./kali-linux-2019.1a-amd64.iso

      I get the output no such file or directory how come? I am trying to generate and compare hashes

      Note the original command per the book is

      shasum -a 256 ./kali-linux-2017.1-amd64.iso
      49b1c5769b909220060dc4c0e11ae09d97a270a80d259e05773101df62e11e9d ./kali-linux-2017.1-amd64.iso

    • #17231

      Hello Brandon, I recommend that the process of validation and checksum be done in any debian distro, you can also do it in windows, but you should check if the windows system complies with these tools.

      Once you have performed the previous steps successfully, you must make the sum of the iso that I download with the file SHA256SUMS, you must verify that both are equal, try this.

      if you are in a linux system, go to the directory where the iso files are located and the SHA256SUMS that you downloaded and enter:

      shasum -a 256 ./kali-linux-2019.1a-amd64.iso

      That gives you a hash, which you should compare with the hash of the file SHA256SUMS, enter:

      grep kali-linux-2019.1a-amd64.iso SHA256SUMS

      Finally, both hash must agree, in addition to this you can create a script in python to validate both hashes, both generated by the iso, as generated by the SHA256SUMS, in some cases I implement it that way, I hope and help you, Greetings

    • #17347

      Hi Guys,
      I have the same bug when I execute:
      $ wget -q -O – | gpg –import

      I tried to add two less symbols before import

      $ wget -q -O – | gpg << –import

      but it doesn’t work. Any suggestions ?

    • #17348

      Another try:
      wget -q -O – > KaliLinux-archive-key.asc
      gpg –import KaliLinux-archive-key.asc

      Same error:
      gpg: no valid OpenPGP data found.
      gpg: Total number processed: 0

    • #17349

      Ok, I was too tired to deal with syntax mistakes so I stop spending time on wget and pipe. Scripting is not always a good and quickest idea.

      I open the browser, enter the address “;, copy-paste the content to the KaliLinux.asc text file and then I run a command “gpg –import KaliLinux.asc”. Works fast and smooth.

      gpg: key ED444FF07D8D0BF6: public key “Kali Linux Repository <>” imported
      gpg: Total number processed: 1
      gpg: imported: 1

      And then a verification:

      gpg –list-keys
      pub rsa4096 2012-03-05 [SC] [expires: 2021-02-03]
      uid [ unknown] Kali Linux Repository <>
      sub rsa4096 2012-03-05 [E] [expires: 2021-02-03]

      The information [ unknown] worries me a bit but fingerprint looks correct.

    • #17350

      Thats way or another could you tell me how the correct script command should looks like ? 🙂

    • #17351

      And one more case.
      I’ve downloaded SHA256SHUM/gpg files by using wget.
      When I verified it there is a message “Good signature…”
      but next there is a WARNING not mentioned in the chapter. Could you elaborate this as well ?

      gpg –verify SHA256SUMS.gpg SHA256SUMS
      gpg: Signature made Sun 19 May 2019 06:40:02 PM CEST
      gpg: using RSA key 44C6513A8E4FB3D30875F758ED444FF07D8D0BF6
      gpg: Good signature from “Kali Linux Repository <>” [unknown]
      gpg: WARNING: This key is not certified with a trusted signature!
      gpg: There is no indication that the signature belongs to the owner.
      Primary key fingerprint: 44C6 513A 8E4F B3D3 0875 F758 ED44 4FF0 7D8D 0BF6

    • #17352

      One useful info. If anyone of readers will stuck somewhere then you can delete the keys by using like “gpg –delete-keys 7D8D0BF6” command and start again.

    • #17392

      had the same output as Max. Understand some of the material may be dated, but the book reads:

      pub rsa4096 2012-03-05 [SC] [expires: 2018-02-02]

      uid [ full ] Kali Linux Repository <>

      while current Terminal reads:

      pub rsa4096 2012-03-05 [SC] [expires: 2021-02-03]

      uid [ unknown ] Kali Linux Repository <>

      What is “full” and “unknown”?

    • #17457

      downloaded everything with wget, but on verification I get BAD signature.
      gpg –verify SHA256SUMS.gpg SHA256SUMS
      gpg: Signature made Mon 27 Jan 2020 17:36:32 CET
      gpg: using RSA key 44C6513A8E4FB3D30875F758ED444FF07D8D0BF6
      gpg: BAD signature from “Kali Linux Repository <>” [unknown]

      Tried several times deleting keys prior to it with
      gpg –delete-keys aswell
      gpg –delete-secret-keys

      But sha256sum of .iso matches the one in SHA256SUMS.

      Please can you give me some advise

      Kind regards

Viewing 13 reply threads
  • You must be logged in to reply to this topic.