I need some help finding the best method and guide me setp by step through it, so I don’t have to download twice. I never was able to get the gpg signature to work, just the shal256sum.
There is something called meta-link which I think requires a firefox add-on.
Is there a command line to check the file as you download it? I vaguely remember something about that.
gpg --recv-keys 0x22C07BA534178CD02EFE22AAB88B2FD43DBDC284
# If you experience a "Failed to receive key from key server: no name" error, try this instead:
gpg --keyserver pgp.mit.edu --recv-keys 0x22C07BA534178CD02EFE22AAB88B2FD43DBDC284
gpg --verify Downloads/openSUSE-Leap-15.4-DVD-x86_64-Build243.2-Media.iso.sha256.asc Downloads/openSUSE-Leap-15.4-DVD-x86_64-Build243.2-Media.iso.sha256
gpg: Signature made Sat 28 May 2022 03:47:12 PM CDT
gpg: using RSA key B88B2FD43DBDC284
gpg: Good signature from "openSUSE Project Signing Key <opensuse@opensuse.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 22C0 7BA5 3417 8CD0 2EFE 22AA B88B 2FD4 3DBD C284
If you can’t reach them, then I suspect your ISP/VPN (or however your connecting to the interent) is blocked/blacklisted, take it up with your internet provider.
gpg --verify Downloads/openSUSE-Leap-15.4-DVD-x86_64-Build243.2-Media.iso.sha256.asc Downloads/openSUSE-Leap-15.4-DVD-x86_64-Build243.2-Media.iso.sha256
gpg: Signature made Sat 28 May 2022 03:47:12 PM CDT
gpg: using RSA key B88B2FD43DBDC284
gpg: Good signature from "openSUSE Project Signing Key <opensuse@opensuse.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 22C0 7BA5 3417 8CD0 2EFE 22AA B88B 2FD4 3DBD C284
And in any case its format is incorrect which explains “Unexpected error” from gpg.
P.S. and would you please refrains from adding all sort of weird formatting to CODE which makes it hard to answer. It does not make your posts more readable. On the contrary, if you cannot spend a small amount of your time making your post easier to handle, why do you expect others to waste their time removing all this redundant formatting in answers?
I was showing the checksum file I downloaded. … I’m NOT an [expert] on using PGP, keep that in mind…
The link below is for the tumbleweed version. Is that the correct link for the asc file for the leap version? That’s the tumbleweed link. If not where is the link to asc file for leap version?
Intel or AMD 64-bit desktops, laptops, and servers (x86_64)
PGP checksums are very confusing. sha512sum/sha256sum is much simpler to understand. Making a sha512sum available instead of sha256sum would be helpful.
Verify Your Download Before Use
Many applications can verify the checksum of a download. To verify your download can be important as it verifies you really have got the ISO file you wanted to download and not some broken version.
For each ISO, we offer a checksum file with the corresponding SHA256 sum.
For extra security, you can use GPG to verify who signed those .sha256 files.
It should be **22C0 7BA5 3417 8CD0 2EFE 22AA B88B 2FD4 3DBD C284**](https://download.opensuse.org/tumbleweed/repo/oss/gpg-pubkey-3dbdc284-53674dd4.asc)
For more help verifying your download please read [Checksums Help](https://en.opensuse.org/SDB:Download_help#Checksums)
gpg --recv-keys 0x22C07BA534178CD02EFE22AAB88B2FD43DBDC284
# If you experience a "Failed to receive key from key server: no name" error, try this instead:
gpg --keyserver pgp.mit.edu --recv-keys 0x22C07BA534178CD02EFE22AAB88B2FD43DBDC284
gpg --fingerprint "openSUSE Project Signing Key <opensuse@opensuse.org>"
The key wouldn’t download. So, I used the alternet download posted.
> gpg --verify Leap-15.4-DVD-x86_64-Media.iso.asc Leap-15.4-DVD-x86_64-Medi
a.iso.sha256
gpg: keybox '/home/lehann_beinne/.gnupg/pubring.kbx' created
gpg: can't open 'Leap-15.4-DVD-x86_64-Media.iso.asc': No such file or directory
gpg: verify signatures failed: No such file or directory
> sha256sum -c openSUSE-Leap-15.4-DVD-x86_64-Media.iso.sha256
openSUSE-Leap-15.4-DVD-x86_64-Media.iso: OK
Done, checksum verified, the last command does it. Change the change the website’s command to: sha256sum – > sha512sum. That is the change.
Most of the time, I just paste the output and compare the checksums manually in kate.
As for the gpg key verify, what I am doing wrong? The command sequence should be complete to get and verify the key.
I have no idea what this means. You still did not explain where you got this file from or why you decided to use this file in the first place.
> gpg --verify Leap-15.4-DVD-x86_64-Media.iso.asc Leap-15.4-DVD-x86_64-Medi
a.iso.sha256
gpg: keybox '/home/lehann_beinne/.gnupg/pubring.kbx' created
gpg: can't open 'Leap-15.4-DVD-x86_64-Media.iso.asc': No such file or directory
gpg: verify signatures failed: No such file or directory
Your second code block includes three lines. We have no idea what these three lines mean, how they were generated or why you thought it important to show these three lines and how they are related to the first code block. As you apparently expect us to read your mind, I arbitrary declare that these three lines are the output of ls command, in which case you use file name that does not exist in your gpg command.