0

I am following instructions here and I am only seeing terminal output for one missing key:

$ gpg --keyid-format long --verify ubuntu-20.04.3-desktop-amd64.SHA256SUMS.gpg ubuntu-20.04.3-desktop-amd64.SHA256SUMS
gpg: Signature made to 26. august 2021 09.52.49 UTC
gpg:                using RSA key 843938DF228D22F7B3742BC0D94AA3F0EFE21092
gpg: Can't check signature: No public key

However in the instructions, as well as in this question Fetching Ubuntu's OpenPGP keys for verification fails with "not a key ID: skipping"

there are two:

gpg: Signature made Thu Apr  5 22:19:36 2018 EDT
                    using DSA key ID 46181433FBB75451
gpg: Can't check signature: No public key
gpg: Signature made Thu Apr  5 22:19:36 2018 EDT
                    using RSA key ID D94AA3F0EFE21092
gpg: Can't check signature: No public key

Can someone tell me why there are two, and why I am only seeing one?

Side note: gpg's --keyid-format flag doesn't seem to do anything (I am just getting the fingerprint rather then ID in the output as if this flag is not there).

devengineer
  • 1

1 Answers1

1

The error message indicates that you do not currently have the Ubuntu CD signing public keys in your GPG Keyring. The instructions on the page you linked-to include steps for importing the key in such situations:

gpg --keyid-format long --keyserver hkp://keyserver.ubuntu.com --recv-keys 0x46181433FBB75451 0xD94AA3F0EFE21092

This will download the key and add it into your GPG Keyring ready for use. From there you will be able to re-run the first command again, and it should succeed:

gpg --keyid-format long --verify SHA256SUMS.gpg SHA256SUMS
Lucy Llewellyn
  • 510