April 4, 2019 at 1:52 am #17172
Hope you well.
I have successfully downloaded the ISO.
When I try to import the public key via the command:
wget -q -O – https://www.kali.org/archive-key.asc | gpg –import
gpg:no valid OpenPGP data found
gpg:Total number processed: 0
April 17, 2019 at 6:01 pm #17194
Hello Brandon, add two less symbols before the import and check if it works, greetings
April 20, 2019 at 6:21 am #17225
Thank you that worked however now I have a different problem.
I successfully import the fingerprint with:
gpg –fingerprint 7D8D0BF6
However on the following command:
I obviously need to change my filename the full filename is:
So I enter wget http://cdimage.kali.org/kali.linux-2019.1a/SHA256SUMS
It connects to cdimage.kali.org however it gets a 404 awaiting response nothing found am I doing something wrong ?
Thanks in advance
April 21, 2019 at 8:53 pm #17226
Hi Brandon, try this wget http://cdimage.kali.org/kali-2019.1a/SHA256SUMS
April 22, 2019 at 2:26 pm #17229
Thank you that worked
When I try and run shasum -a 1 ./kali-linux-2019.1a-amd64.iso
I get the output no such file or directory how come? I am trying to generate and compare hashes
Note the original command per the book is
shasum -a 256 ./kali-linux-2017.1-amd64.iso
April 22, 2019 at 11:04 pm #17231
Hello Brandon, I recommend that the process of validation and checksum be done in any debian distro, you can also do it in windows, but you should check if the windows system complies with these tools.
Once you have performed the previous steps successfully, you must make the sum of the iso that I download with the file SHA256SUMS, you must verify that both are equal, try this.
if you are in a linux system, go to the directory where the iso files are located and the SHA256SUMS that you downloaded and enter:
shasum -a 256 ./kali-linux-2019.1a-amd64.iso
That gives you a hash, which you should compare with the hash of the file SHA256SUMS, enter:
grep kali-linux-2019.1a-amd64.iso SHA256SUMS
Finally, both hash must agree, in addition to this you can create a script in python to validate both hashes, both generated by the iso, as generated by the SHA256SUMS, in some cases I implement it that way, I hope and help you, Greetings
July 4, 2019 at 5:37 pm #17347
I have the same bug when I execute:
$ wget -q -O – https://www.kali.org/archive-key.asc | gpg –import
I tried to add two less symbols before import
$ wget -q -O – https://www.kali.org/archive-key.asc | gpg << –import
but it doesn’t work. Any suggestions ?
July 4, 2019 at 5:54 pm #17348
wget -q -O – https://www.kali.org/archive-key.asc > KaliLinux-archive-key.asc
gpg –import KaliLinux-archive-key.asc
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
July 4, 2019 at 6:05 pm #17349
Ok, I was too tired to deal with syntax mistakes so I stop spending time on wget and pipe. Scripting is not always a good and quickest idea.
I open the browser, enter the address “https://www.kali.org/archive-key.asc”, copy-paste the content to the KaliLinux.asc text file and then I run a command “gpg –import KaliLinux.asc”. Works fast and smooth.
gpg: key ED444FF07D8D0BF6: public key “Kali Linux Repository <email@example.com>” imported
gpg: Total number processed: 1
gpg: imported: 1
And then a verification:
pub rsa4096 2012-03-05 [SC] [expires: 2021-02-03]
uid [ unknown] Kali Linux Repository <firstname.lastname@example.org>
sub rsa4096 2012-03-05 [E] [expires: 2021-02-03]
The information [ unknown] worries me a bit but fingerprint looks correct.
July 4, 2019 at 6:09 pm #17350
Thats way or another could you tell me how the correct script command should looks like ? 🙂
July 4, 2019 at 6:16 pm #17351
And one more case.
I’ve downloaded SHA256SHUM/gpg files by using wget.
When I verified it there is a message “Good signature…”
but next there is a WARNING not mentioned in the chapter. Could you elaborate this as well ?
gpg –verify SHA256SUMS.gpg SHA256SUMS
gpg: Signature made Sun 19 May 2019 06:40:02 PM CEST
gpg: using RSA key 44C6513A8E4FB3D30875F758ED444FF07D8D0BF6
gpg: Good signature from “Kali Linux Repository <email@example.com>” [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 44C6 513A 8E4F B3D3 0875 F758 ED44 4FF0 7D8D 0BF6
July 7, 2019 at 12:54 pm #17352
One useful info. If anyone of readers will stuck somewhere then you can delete the keys by using like “gpg –delete-keys 7D8D0BF6” command and start again.
You must be logged in to reply to this topic.