3

I downloaded Ubuntu 16.04 to run on VirtualBox (Windows 10 host). I would like to verify the download (Ubuntu instructions). From the instructions:

Tip: On non-Linux systems, you might need to download the GPG tools for this next step. To check if you have the GPG tools installed, run the command gpg --version or gpg2 --version.

So I downloaded and installed Gpg4win.

Ubuntu says to get their public keys from their keyserver:

$ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys "8439 38DF 228D 22F7 B374 2BC0 D94A A3F0 EFE2 1092" "C598 6B4F 1257 FFA8 6632 CBA7 4618 1433 FBB7 5451"
gpg: directory `/home/ubuntu/.gnupg' created
gpg: new configuration file `/home/ubuntu/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/ubuntu/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/ubuntu/.gnupg/secring.gpg' created
gpg: keyring `/home/ubuntu/.gnupg/pubring.gpg' created
gpg: requesting key EFE21092 from hkp server keyserver.ubuntu.com
gpg: requesting key FBB75451 from hkp server keyserver.ubuntu.com
gpg: /home/ubuntu/.gnupg/trustdb.gpg: trustdb created
gpg: key EFE21092: public key "Ubuntu CD Image Automatic Signing Key (2012) " imported
gpg: key FBB75451: public key "Ubuntu CD Image Automatic Signing Key " imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 2
gpg:               imported: 2  (RSA: 1)

But I'm getting the following error:

enter image description here

Jens Erat
  • 17,507
  • 14
  • 61
  • 74
yroc
  • 143
  • 1
  • 4
  • Did you try running `gpg` as per the instructions and not `gpg2`? – DavidPostill Apr 28 '16 at 21:41
  • Pretty sure they're just using `gpg` as an example. If you look at the Tip, it says to run `gpg` or `gpg2`. Pretty sure that's not the problem. Besides, the gpg4win program doesn't seem to come with `gpg`. – yroc Apr 28 '16 at 21:47
  • Try it anyway ;) – DavidPostill Apr 28 '16 at 21:47
  • Yes your point that computers are _exact_ machines is well taken, but in the install directory and there is no `gpg` execution file. Only `gpg2`. From my (very limited) understanding `gpg2` is just a more modern version of gpg`. – yroc Apr 28 '16 at 21:50
  • You're right - "There is no difference in gpg1 vs gpg2 to the end user. Gpg2 is compiled against external libraries, whereas with gpg1, the are no external libraries -- all is built into the program. Both offer the same functionality, same encryption algos, same ciphers, etc. Both adhere to the RFC8440 standard. " – DavidPostill Apr 28 '16 at 21:50
  • right, so any idea on what is causing the problem? – yroc Apr 28 '16 at 21:52
  • Sorry, no ... :/ – DavidPostill Apr 28 '16 at 21:56
  • FWIW The gpg version of the command works here on Windows 7 using cygwin gpg – DavidPostill Apr 28 '16 at 21:58
  • Yes that's good to know. Thanks for your efforts -- much appreciated :-) I might try one of the IRC channels. – yroc Apr 28 '16 at 22:00
  • Please do _never_ screenshot text. Copy/paste ist instead, and use the embedded formatting capabilities provided to format it (have a look at the [FAQ]). Screenshots make reading and searching the contents, and especially _working_ with it much harder. – Jens Erat Apr 29 '16 at 07:08
  • @JensErat Noted. – yroc Apr 29 '16 at 14:35

2 Answers2

4

While the command works fine under GnuPG on Linux, it fails in Windows. I've been able to make it work by removing all spaces:

gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 843938DF228D22F7B3742BC0D94AA3F0EFE21092 C5986B4F1257FFA86632CBA746181433FBB75451

(the quotes are not required any more, either; so I removed them).

If you really want to verify against signatures from Ubuntu, you obviously shouldn't copy/paste this specific command line as is, but remove the space from the original Ubuntu page on your own.

Jens Erat
  • 17,507
  • 14
  • 61
  • 74
  • Hmm. Then GnuPG on Windows is broken. Cygwin gpg works as expected. – DavidPostill Apr 29 '16 at 14:05
  • @JensErat Yes I can confirm this worked -- thank you. – yroc Apr 29 '16 at 14:33
  • 1
    @DavidPostill So would this be an issue with Gpg4win? In that case I could bring this issue to their attention on one of their support forums. – yroc Apr 29 '16 at 14:34
  • @yroc Probably a good idea ;) – DavidPostill Apr 29 '16 at 14:35
  • Providing bug reports is always a good thing, and helps developers a lot. Make sure to include Windows version and build, and also Gpg4Win version (and if you can verify against cygwin, also the version built from cygwin). Those details will help the developers a lot in reproducing the issue. – Jens Erat Apr 29 '16 at 14:51
0

I's the same on a mac. But harder to work out how to confirm the signatures as no amount of mangling spaces seems to work for that.

Richard
  • 1