GPG Error Exercise 01, Chapter 2

Tagged: 

Viewing 12 reply threads
  • Author
    Posts
    • #17172
      Brandon
      Participant

      Hi,

      Hope you well.

      I have successfully downloaded the ISO.

      When I try to import the public key via the command:

      wget -q -O – https://www.kali.org/archive-key.asc | gpg –import

      I get:

      gpg:no valid OpenPGP data found

      gpg:Total number processed: 0

      Please advise

      Kind Regards,

    • #17194
      androcodyex
      Participant

      Hello Brandon, add two less symbols before the import and check if it works, greetings

    • #17225
      Brandon
      Participant

      Hi,

      Thank you that worked however now I have a different problem.

      I successfully import the fingerprint with:

      gpg –fingerprint 7D8D0BF6

      However on the following command:

      wget http://cdimage.kali.org/kali-2017.1/SHA256SUMS

      I obviously need to change my filename the full filename is:

      kali.linux-2019.1a-amd64.iso

      So I enter wget http://cdimage.kali.org/kali.linux-2019.1a/SHA256SUMS

      It connects to cdimage.kali.org however it gets a 404 awaiting response nothing found am I doing something wrong ?

      Thanks in advance

    • #17226
      androcodyex
      Participant
    • #17229
      Brandon
      Participant

      Thank you that worked

      When I try and run shasum -a 1 ./kali-linux-2019.1a-amd64.iso
      49b1c5769b909220060dc4c0e11ae09d97a270a80d259e05773101df62e11e9d ./kali-linux-2019.1a-amd64.iso

      I get the output no such file or directory how come? I am trying to generate and compare hashes

      Note the original command per the book is

      shasum -a 256 ./kali-linux-2017.1-amd64.iso
      49b1c5769b909220060dc4c0e11ae09d97a270a80d259e05773101df62e11e9d ./kali-linux-2017.1-amd64.iso

    • #17231
      androcodyex
      Participant

      Hello Brandon, I recommend that the process of validation and checksum be done in any debian distro, you can also do it in windows, but you should check if the windows system complies with these tools.

      Once you have performed the previous steps successfully, you must make the sum of the iso that I download with the file SHA256SUMS, you must verify that both are equal, try this.

      if you are in a linux system, go to the directory where the iso files are located and the SHA256SUMS that you downloaded and enter:

      shasum -a 256 ./kali-linux-2019.1a-amd64.iso

      That gives you a hash, which you should compare with the hash of the file SHA256SUMS, enter:

      grep kali-linux-2019.1a-amd64.iso SHA256SUMS

      Finally, both hash must agree, in addition to this you can create a script in python to validate both hashes, both generated by the iso, as generated by the SHA256SUMS, in some cases I implement it that way, I hope and help you, Greetings

    • #17347
      Max
      Participant

      Hi Guys,
      I have the same bug when I execute:
      $ wget -q -O – https://www.kali.org/archive-key.asc | gpg –import

      I tried to add two less symbols before import

      $ wget -q -O – https://www.kali.org/archive-key.asc | gpg << –import

      but it doesn’t work. Any suggestions ?

    • #17348
      Max
      Participant

      Another try:
      wget -q -O – https://www.kali.org/archive-key.asc > KaliLinux-archive-key.asc
      gpg –import KaliLinux-archive-key.asc

      Same error:
      gpg: no valid OpenPGP data found.
      gpg: Total number processed: 0

    • #17349
      Max
      Participant

      Ok, I was too tired to deal with syntax mistakes so I stop spending time on wget and pipe. Scripting is not always a good and quickest idea.

      I open the browser, enter the address “https://www.kali.org/archive-key.asc&#8221;, copy-paste the content to the KaliLinux.asc text file and then I run a command “gpg –import KaliLinux.asc”. Works fast and smooth.

      gpg: key ED444FF07D8D0BF6: public key “Kali Linux Repository <devel@kali.org>” imported
      gpg: Total number processed: 1
      gpg: imported: 1

      And then a verification:

      gpg –list-keys
      /root/.gnupg/pubring.kbx
      ————————
      pub rsa4096 2012-03-05 [SC] [expires: 2021-02-03]
      44C6513A8E4FB3D30875F758ED444FF07D8D0BF6
      uid [ unknown] Kali Linux Repository <devel@kali.org>
      sub rsa4096 2012-03-05 [E] [expires: 2021-02-03]

      The information [ unknown] worries me a bit but fingerprint looks correct.

    • #17350
      Max
      Participant

      Thats way or another could you tell me how the correct script command should looks like ? 🙂

    • #17351
      Max
      Participant

      And one more case.
      I’ve downloaded SHA256SHUM/gpg files by using wget.
      When I verified it there is a message “Good signature…”
      but next there is a WARNING not mentioned in the chapter. Could you elaborate this as well ?

      gpg –verify SHA256SUMS.gpg SHA256SUMS
      gpg: Signature made Sun 19 May 2019 06:40:02 PM CEST
      gpg: using RSA key 44C6513A8E4FB3D30875F758ED444FF07D8D0BF6
      gpg: Good signature from “Kali Linux Repository <devel@kali.org>” [unknown]
      gpg: WARNING: This key is not certified with a trusted signature!
      gpg: There is no indication that the signature belongs to the owner.
      Primary key fingerprint: 44C6 513A 8E4F B3D3 0875 F758 ED44 4FF0 7D8D 0BF6

    • #17352
      Max
      Participant

      One useful info. If anyone of readers will stuck somewhere then you can delete the keys by using like “gpg –delete-keys 7D8D0BF6” command and start again.

    • #17392
      Schism
      Participant

      had the same output as Max. Understand some of the material may be dated, but the book reads:

      pub rsa4096 2012-03-05 [SC] [expires: 2018-02-02]

      uid [ full ] Kali Linux Repository <devel@kali.org>

      while current Terminal reads:

      pub rsa4096 2012-03-05 [SC] [expires: 2021-02-03]

      uid [ unknown ] Kali Linux Repository <devel@kali.org>

      What is “full” and “unknown”?

Viewing 12 reply threads
  • You must be logged in to reply to this topic.