You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I checked English and several other language guides and found out that OpenPGP 32-bit key ID is recommended as an alternative for verifying an ISO.
Linux Mint Installation Guide --> Verify your ISO image --> Authenticity check
If gpg complains about the key ID, try the following commands instead:
gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-key A25BAE09
gpg --list-key --with-fingerprint A25BAE09
Check the output of the last command, to make sure the fingerprint is 27DE B156 44C6 B3CF 3BD7 D291 300F 846B A25B AE09 (with or without spaces).
There are some users in the wild including Linux Mint forum which are not familiar enough with GnuPG to resolve a problem even if they see that signature is wrong. It is a well known issue and only full 64-bit identifiers should be used. See: https://github.com/jwilk/stopgp32 https://seclists.org/oss-sec/2018/q3/174
The text was updated successfully, but these errors were encountered:
morton-f
changed the title
Security issue: malicious key is reccomended for verification of the Linux Mint ISO
Security issue: deprecated 32-bit key ID is reccomended for verification of the Linux Mint ISO
Sep 22, 2020
morton-f
changed the title
Security issue: deprecated 32-bit key ID is reccomended for verification of the Linux Mint ISO
Security issue: deprecated 32-bit key ID is recommended for verification of the Linux Mint ISO
Oct 28, 2021
I checked English and several other language guides and found out that OpenPGP 32-bit key ID is recommended as an alternative for verifying an ISO.
Linux Mint Installation Guide --> Verify your ISO image --> Authenticity check
results in
There are some users in the wild including Linux Mint forum which are not familiar enough with GnuPG to resolve a problem even if they see that signature is wrong. It is a well known issue and only full 64-bit identifiers should be used. See:
https://github.com/jwilk/stopgp32
https://seclists.org/oss-sec/2018/q3/174
The text was updated successfully, but these errors were encountered: