How do I verify an asc key fingerprint? Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 23, 2019 at 23:30 UTC (7:30pm US/Eastern)How to verify vbox key? gpg: verify signatures failedHow do I import a public key?How do I publish a GPG Key?Ubuntu 13.04 update and install issueHow to verify a gpg signed fileHow to verify if a exported gpg key is a public or a private oneGnupg gpg2 IDEAEncrypt file with .asc extension from NautilusPGP Enigmail Problem, can no longer decrypt or sign my own messagesIs there a way for a casual user to verify the authenticity of a downloaded Ubuntu .ISO?How to verify vbox key? gpg: verify signatures failed
How to name indistinguishable henchmen in a screenplay?
Why did Bronn offer to be Tyrion Lannister's champion in trial by combat?
Short story about astronauts fertilizing soil with their own bodies
3D Masyu - A Die
What's the connection between Mr. Nancy and fried chicken?
How can I introduce the names of fantasy creatures to the reader?
Why are current probes so expensive?
Why is there so little support for joining EFTA in the British parliament?
"Destructive power" carried by a B-52?
Restricting the Object Type for the get method in java HashMap
Is there a verb for listening stealthily?
Why does BitLocker not use RSA?
Marquee sign letters
Asymmetric or symmetric - which makes sense in this scenario?
Is my guitar action too high?
Is there a canonical “inverse” of Abelianization?
How to make an animal which can only breed for a certain number of generations?
Improvising over quartal voicings
Unicode symbols with XeLaTeX and Lato font
Does the main washing effect of soap come from foam?
Is honorific speech ever used in the first person?
Can a Knight grant Knighthood to another?
Bash script to execute command with file from directory and condition
Can stored/leased 737s be used to substitute for grounded MAXs?
How do I verify an asc key fingerprint?
Announcing the arrival of Valued Associate #679: Cesar Manara
Planned maintenance scheduled April 23, 2019 at 23:30 UTC (7:30pm US/Eastern)How to verify vbox key? gpg: verify signatures failedHow do I import a public key?How do I publish a GPG Key?Ubuntu 13.04 update and install issueHow to verify a gpg signed fileHow to verify if a exported gpg key is a public or a private oneGnupg gpg2 IDEAEncrypt file with .asc extension from NautilusPGP Enigmail Problem, can no longer decrypt or sign my own messagesIs there a way for a casual user to verify the authenticity of a downloaded Ubuntu .ISO?How to verify vbox key? gpg: verify signatures failed
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
At the moment, I'm trying to check the fingerprint of the oracle_vbox.asc key that I downloaded from http://www.virtualbox.org/wiki/Linux_Downloads: they provide the key and the fingerprint but no instructions for reviewing this information myself.
How do I show the fingerprint of the key I just downloaded?
apt-key finger oracle_vbox.asc
shows the fingerprints of all trusted keys, which isn't what I want.
gnupg
add a comment |
At the moment, I'm trying to check the fingerprint of the oracle_vbox.asc key that I downloaded from http://www.virtualbox.org/wiki/Linux_Downloads: they provide the key and the fingerprint but no instructions for reviewing this information myself.
How do I show the fingerprint of the key I just downloaded?
apt-key finger oracle_vbox.asc
shows the fingerprints of all trusted keys, which isn't what I want.
gnupg
add a comment |
At the moment, I'm trying to check the fingerprint of the oracle_vbox.asc key that I downloaded from http://www.virtualbox.org/wiki/Linux_Downloads: they provide the key and the fingerprint but no instructions for reviewing this information myself.
How do I show the fingerprint of the key I just downloaded?
apt-key finger oracle_vbox.asc
shows the fingerprints of all trusted keys, which isn't what I want.
gnupg
At the moment, I'm trying to check the fingerprint of the oracle_vbox.asc key that I downloaded from http://www.virtualbox.org/wiki/Linux_Downloads: they provide the key and the fingerprint but no instructions for reviewing this information myself.
How do I show the fingerprint of the key I just downloaded?
apt-key finger oracle_vbox.asc
shows the fingerprints of all trusted keys, which isn't what I want.
gnupg
gnupg
edited Jun 24 '14 at 20:30
Braiam
52.7k20138225
52.7k20138225
asked Jun 13 '11 at 13:24
AmandaAmanda
4,360104386
4,360104386
add a comment |
add a comment |
4 Answers
4
active
oldest
votes
$ wget http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc
$ gpg --with-fingerprint oracle_vbox.asc
pub 1024D/98AB5139 2010-05-18 Oracle Corporation
(VirtualBox archive signing key) <info@virtualbox.org>
Key fingerprint = 7B0F AB3A 13B9 0743 5925 D9C9 5442 2A4B 98AB 5139
sub 2048g/281DDC4B 2010-05-18
Is there an analogous command without usinggpg
? I mean, in SSH, I can docat ./id_rsa.pub | awk 'print $2' | base64 -d | md5sum
and it will return me an MD5 hash which is equal to the fingerprint hash ofssh -lf ./id_rsa.pub
. Is there a similar way to do it with GPG public keys?
– user3019105
Sep 13 '15 at 9:16
2
@user3019105, no, there is not. The format of a PGP public key is a little bit more complicated. See RFC 4880 and the GPG source code for details.
– maxschlepzig
Sep 13 '15 at 9:58
The RFC says (about MD5 deprecated fingerprints):The fingerprint of a V3 key is formed by hashing the body (but not the two-octet length) of the MPIs that form the key material (public modulus n, followed by exponent e) with MD5.
, can't I get this MPIs' body given an ASCII Armor (Radix-64) public key file?
– user3019105
Sep 13 '15 at 10:06
@user3019105, you can. You can duplicate what is already implemented in GPG. But such a command line would be quite more elaborate than the one you've posted for an ssh public key. Thus, it wouldn't be analogous.
– maxschlepzig
Sep 13 '15 at 10:13
Ok thanks, but I still need to find out how to get thebody of the MPIs that form the key material
the RFC talks about
– user3019105
Sep 13 '15 at 10:19
|
show 3 more comments
Step 1
$ deb http://download.virtualbox.org/virtualbox/debian artful contrib
Step 2
$ wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -
Step 3
$ apt-key list
or, equivalently,
$ apt-key finger
which should return
/etc/apt/trusted.gpg
--------------------
pub rsa4096 2016-04-22 [SC]
B9F8 D658 297A F3EF C18D 5CDF A2F6 83C5 2980 AECF
uid [ unknown] Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>
sub rsa4096 2016-04-22 [E]
which in turn should be equivalent to
The key fingerprint for oracle_vbox_2016.asc is
B9F8 D658 297A F3EF C18D 5CDF A2F6 83C5 2980 AECF
Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>
on https://www.virtualbox.org/wiki/Linux_Downloads, either by visual inspection or further command line fu.
Related links:
- Exchanging keys - GnuPG
- https://www.torproject.org/docs/verifying-signatures.html.en
this question is missing some explanation...
– nutty about natty
Aug 1 '18 at 7:24
add a comment |
You have both the key and the fingerprint? Run:
ssh-keygen -lf key.pub
against the key to get the fingerprint.
ssh-keygen
reference: http://www.manpagez.com/man/1/ssh-keygen/
3
ssh-keygen doesn't recognize "oracle_vbox.asc" as a public key file.
– Amanda
Jun 13 '11 at 22:09
my mistake, the command should be "ssh-keygen -lf" Do you still get a nerror?
– mvario
Jun 13 '11 at 22:30
4
This does not work.
– maxschlepzig
Jun 14 '12 at 22:39
ssh-keygen -lf oracle_vbox_2016.asc oracle_vbox_2016.asc is not a public key file.
– Scott Stensland
Jun 30 '16 at 0:20
1
ssh-keygen is not for PGP keys.
– Geoffrey
Oct 28 '18 at 2:42
add a comment |
This works with GPG 2 (at least I could check it with versions 2.1.18
and 2.2.12
):
wget http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc
gpg_home=$(mktemp -d)
gpg --homedir "$gpg_home" --import oracle_vbox.asc
# gpg: keybox '/tmp/tmp.CHoWuJBy7N/pubring.kbx' created
# gpg: /tmp/tmp.CHoWuJBy7N/trustdb.gpg: trustdb created
# gpg: key 54422A4B98AB5139: public key "Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>" imported
# gpg: Total number processed: 1
# gpg: imported: 1
gpg --homedir "$gpg_home" --list-keys
# /tmp/tmp.CHoWuJBy7N/pubring.kbx
# -------------------------------
# pub dsa1024 2010-05-18 [SC]
# 7B0FAB3A13B907435925D9C954422A4B98AB5139
# uid [ unknown] Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>
# sub elg2048 2010-05-18 [E]
#
Source: https://unix.stackexchange.com/a/468889
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "89"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f48508%2fhow-do-i-verify-an-asc-key-fingerprint%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
4 Answers
4
active
oldest
votes
4 Answers
4
active
oldest
votes
active
oldest
votes
active
oldest
votes
$ wget http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc
$ gpg --with-fingerprint oracle_vbox.asc
pub 1024D/98AB5139 2010-05-18 Oracle Corporation
(VirtualBox archive signing key) <info@virtualbox.org>
Key fingerprint = 7B0F AB3A 13B9 0743 5925 D9C9 5442 2A4B 98AB 5139
sub 2048g/281DDC4B 2010-05-18
Is there an analogous command without usinggpg
? I mean, in SSH, I can docat ./id_rsa.pub | awk 'print $2' | base64 -d | md5sum
and it will return me an MD5 hash which is equal to the fingerprint hash ofssh -lf ./id_rsa.pub
. Is there a similar way to do it with GPG public keys?
– user3019105
Sep 13 '15 at 9:16
2
@user3019105, no, there is not. The format of a PGP public key is a little bit more complicated. See RFC 4880 and the GPG source code for details.
– maxschlepzig
Sep 13 '15 at 9:58
The RFC says (about MD5 deprecated fingerprints):The fingerprint of a V3 key is formed by hashing the body (but not the two-octet length) of the MPIs that form the key material (public modulus n, followed by exponent e) with MD5.
, can't I get this MPIs' body given an ASCII Armor (Radix-64) public key file?
– user3019105
Sep 13 '15 at 10:06
@user3019105, you can. You can duplicate what is already implemented in GPG. But such a command line would be quite more elaborate than the one you've posted for an ssh public key. Thus, it wouldn't be analogous.
– maxschlepzig
Sep 13 '15 at 10:13
Ok thanks, but I still need to find out how to get thebody of the MPIs that form the key material
the RFC talks about
– user3019105
Sep 13 '15 at 10:19
|
show 3 more comments
$ wget http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc
$ gpg --with-fingerprint oracle_vbox.asc
pub 1024D/98AB5139 2010-05-18 Oracle Corporation
(VirtualBox archive signing key) <info@virtualbox.org>
Key fingerprint = 7B0F AB3A 13B9 0743 5925 D9C9 5442 2A4B 98AB 5139
sub 2048g/281DDC4B 2010-05-18
Is there an analogous command without usinggpg
? I mean, in SSH, I can docat ./id_rsa.pub | awk 'print $2' | base64 -d | md5sum
and it will return me an MD5 hash which is equal to the fingerprint hash ofssh -lf ./id_rsa.pub
. Is there a similar way to do it with GPG public keys?
– user3019105
Sep 13 '15 at 9:16
2
@user3019105, no, there is not. The format of a PGP public key is a little bit more complicated. See RFC 4880 and the GPG source code for details.
– maxschlepzig
Sep 13 '15 at 9:58
The RFC says (about MD5 deprecated fingerprints):The fingerprint of a V3 key is formed by hashing the body (but not the two-octet length) of the MPIs that form the key material (public modulus n, followed by exponent e) with MD5.
, can't I get this MPIs' body given an ASCII Armor (Radix-64) public key file?
– user3019105
Sep 13 '15 at 10:06
@user3019105, you can. You can duplicate what is already implemented in GPG. But such a command line would be quite more elaborate than the one you've posted for an ssh public key. Thus, it wouldn't be analogous.
– maxschlepzig
Sep 13 '15 at 10:13
Ok thanks, but I still need to find out how to get thebody of the MPIs that form the key material
the RFC talks about
– user3019105
Sep 13 '15 at 10:19
|
show 3 more comments
$ wget http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc
$ gpg --with-fingerprint oracle_vbox.asc
pub 1024D/98AB5139 2010-05-18 Oracle Corporation
(VirtualBox archive signing key) <info@virtualbox.org>
Key fingerprint = 7B0F AB3A 13B9 0743 5925 D9C9 5442 2A4B 98AB 5139
sub 2048g/281DDC4B 2010-05-18
$ wget http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc
$ gpg --with-fingerprint oracle_vbox.asc
pub 1024D/98AB5139 2010-05-18 Oracle Corporation
(VirtualBox archive signing key) <info@virtualbox.org>
Key fingerprint = 7B0F AB3A 13B9 0743 5925 D9C9 5442 2A4B 98AB 5139
sub 2048g/281DDC4B 2010-05-18
edited Nov 28 '17 at 20:47
nutty about natty
3,36173055
3,36173055
answered Jun 14 '12 at 22:36
maxschlepzigmaxschlepzig
1,94931930
1,94931930
Is there an analogous command without usinggpg
? I mean, in SSH, I can docat ./id_rsa.pub | awk 'print $2' | base64 -d | md5sum
and it will return me an MD5 hash which is equal to the fingerprint hash ofssh -lf ./id_rsa.pub
. Is there a similar way to do it with GPG public keys?
– user3019105
Sep 13 '15 at 9:16
2
@user3019105, no, there is not. The format of a PGP public key is a little bit more complicated. See RFC 4880 and the GPG source code for details.
– maxschlepzig
Sep 13 '15 at 9:58
The RFC says (about MD5 deprecated fingerprints):The fingerprint of a V3 key is formed by hashing the body (but not the two-octet length) of the MPIs that form the key material (public modulus n, followed by exponent e) with MD5.
, can't I get this MPIs' body given an ASCII Armor (Radix-64) public key file?
– user3019105
Sep 13 '15 at 10:06
@user3019105, you can. You can duplicate what is already implemented in GPG. But such a command line would be quite more elaborate than the one you've posted for an ssh public key. Thus, it wouldn't be analogous.
– maxschlepzig
Sep 13 '15 at 10:13
Ok thanks, but I still need to find out how to get thebody of the MPIs that form the key material
the RFC talks about
– user3019105
Sep 13 '15 at 10:19
|
show 3 more comments
Is there an analogous command without usinggpg
? I mean, in SSH, I can docat ./id_rsa.pub | awk 'print $2' | base64 -d | md5sum
and it will return me an MD5 hash which is equal to the fingerprint hash ofssh -lf ./id_rsa.pub
. Is there a similar way to do it with GPG public keys?
– user3019105
Sep 13 '15 at 9:16
2
@user3019105, no, there is not. The format of a PGP public key is a little bit more complicated. See RFC 4880 and the GPG source code for details.
– maxschlepzig
Sep 13 '15 at 9:58
The RFC says (about MD5 deprecated fingerprints):The fingerprint of a V3 key is formed by hashing the body (but not the two-octet length) of the MPIs that form the key material (public modulus n, followed by exponent e) with MD5.
, can't I get this MPIs' body given an ASCII Armor (Radix-64) public key file?
– user3019105
Sep 13 '15 at 10:06
@user3019105, you can. You can duplicate what is already implemented in GPG. But such a command line would be quite more elaborate than the one you've posted for an ssh public key. Thus, it wouldn't be analogous.
– maxschlepzig
Sep 13 '15 at 10:13
Ok thanks, but I still need to find out how to get thebody of the MPIs that form the key material
the RFC talks about
– user3019105
Sep 13 '15 at 10:19
Is there an analogous command without using
gpg
? I mean, in SSH, I can do cat ./id_rsa.pub | awk 'print $2' | base64 -d | md5sum
and it will return me an MD5 hash which is equal to the fingerprint hash of ssh -lf ./id_rsa.pub
. Is there a similar way to do it with GPG public keys?– user3019105
Sep 13 '15 at 9:16
Is there an analogous command without using
gpg
? I mean, in SSH, I can do cat ./id_rsa.pub | awk 'print $2' | base64 -d | md5sum
and it will return me an MD5 hash which is equal to the fingerprint hash of ssh -lf ./id_rsa.pub
. Is there a similar way to do it with GPG public keys?– user3019105
Sep 13 '15 at 9:16
2
2
@user3019105, no, there is not. The format of a PGP public key is a little bit more complicated. See RFC 4880 and the GPG source code for details.
– maxschlepzig
Sep 13 '15 at 9:58
@user3019105, no, there is not. The format of a PGP public key is a little bit more complicated. See RFC 4880 and the GPG source code for details.
– maxschlepzig
Sep 13 '15 at 9:58
The RFC says (about MD5 deprecated fingerprints):
The fingerprint of a V3 key is formed by hashing the body (but not the two-octet length) of the MPIs that form the key material (public modulus n, followed by exponent e) with MD5.
, can't I get this MPIs' body given an ASCII Armor (Radix-64) public key file?– user3019105
Sep 13 '15 at 10:06
The RFC says (about MD5 deprecated fingerprints):
The fingerprint of a V3 key is formed by hashing the body (but not the two-octet length) of the MPIs that form the key material (public modulus n, followed by exponent e) with MD5.
, can't I get this MPIs' body given an ASCII Armor (Radix-64) public key file?– user3019105
Sep 13 '15 at 10:06
@user3019105, you can. You can duplicate what is already implemented in GPG. But such a command line would be quite more elaborate than the one you've posted for an ssh public key. Thus, it wouldn't be analogous.
– maxschlepzig
Sep 13 '15 at 10:13
@user3019105, you can. You can duplicate what is already implemented in GPG. But such a command line would be quite more elaborate than the one you've posted for an ssh public key. Thus, it wouldn't be analogous.
– maxschlepzig
Sep 13 '15 at 10:13
Ok thanks, but I still need to find out how to get the
body of the MPIs that form the key material
the RFC talks about– user3019105
Sep 13 '15 at 10:19
Ok thanks, but I still need to find out how to get the
body of the MPIs that form the key material
the RFC talks about– user3019105
Sep 13 '15 at 10:19
|
show 3 more comments
Step 1
$ deb http://download.virtualbox.org/virtualbox/debian artful contrib
Step 2
$ wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -
Step 3
$ apt-key list
or, equivalently,
$ apt-key finger
which should return
/etc/apt/trusted.gpg
--------------------
pub rsa4096 2016-04-22 [SC]
B9F8 D658 297A F3EF C18D 5CDF A2F6 83C5 2980 AECF
uid [ unknown] Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>
sub rsa4096 2016-04-22 [E]
which in turn should be equivalent to
The key fingerprint for oracle_vbox_2016.asc is
B9F8 D658 297A F3EF C18D 5CDF A2F6 83C5 2980 AECF
Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>
on https://www.virtualbox.org/wiki/Linux_Downloads, either by visual inspection or further command line fu.
Related links:
- Exchanging keys - GnuPG
- https://www.torproject.org/docs/verifying-signatures.html.en
this question is missing some explanation...
– nutty about natty
Aug 1 '18 at 7:24
add a comment |
Step 1
$ deb http://download.virtualbox.org/virtualbox/debian artful contrib
Step 2
$ wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -
Step 3
$ apt-key list
or, equivalently,
$ apt-key finger
which should return
/etc/apt/trusted.gpg
--------------------
pub rsa4096 2016-04-22 [SC]
B9F8 D658 297A F3EF C18D 5CDF A2F6 83C5 2980 AECF
uid [ unknown] Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>
sub rsa4096 2016-04-22 [E]
which in turn should be equivalent to
The key fingerprint for oracle_vbox_2016.asc is
B9F8 D658 297A F3EF C18D 5CDF A2F6 83C5 2980 AECF
Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>
on https://www.virtualbox.org/wiki/Linux_Downloads, either by visual inspection or further command line fu.
Related links:
- Exchanging keys - GnuPG
- https://www.torproject.org/docs/verifying-signatures.html.en
this question is missing some explanation...
– nutty about natty
Aug 1 '18 at 7:24
add a comment |
Step 1
$ deb http://download.virtualbox.org/virtualbox/debian artful contrib
Step 2
$ wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -
Step 3
$ apt-key list
or, equivalently,
$ apt-key finger
which should return
/etc/apt/trusted.gpg
--------------------
pub rsa4096 2016-04-22 [SC]
B9F8 D658 297A F3EF C18D 5CDF A2F6 83C5 2980 AECF
uid [ unknown] Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>
sub rsa4096 2016-04-22 [E]
which in turn should be equivalent to
The key fingerprint for oracle_vbox_2016.asc is
B9F8 D658 297A F3EF C18D 5CDF A2F6 83C5 2980 AECF
Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>
on https://www.virtualbox.org/wiki/Linux_Downloads, either by visual inspection or further command line fu.
Related links:
- Exchanging keys - GnuPG
- https://www.torproject.org/docs/verifying-signatures.html.en
Step 1
$ deb http://download.virtualbox.org/virtualbox/debian artful contrib
Step 2
$ wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -
Step 3
$ apt-key list
or, equivalently,
$ apt-key finger
which should return
/etc/apt/trusted.gpg
--------------------
pub rsa4096 2016-04-22 [SC]
B9F8 D658 297A F3EF C18D 5CDF A2F6 83C5 2980 AECF
uid [ unknown] Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>
sub rsa4096 2016-04-22 [E]
which in turn should be equivalent to
The key fingerprint for oracle_vbox_2016.asc is
B9F8 D658 297A F3EF C18D 5CDF A2F6 83C5 2980 AECF
Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>
on https://www.virtualbox.org/wiki/Linux_Downloads, either by visual inspection or further command line fu.
Related links:
- Exchanging keys - GnuPG
- https://www.torproject.org/docs/verifying-signatures.html.en
answered Nov 28 '17 at 20:46
nutty about nattynutty about natty
3,36173055
3,36173055
this question is missing some explanation...
– nutty about natty
Aug 1 '18 at 7:24
add a comment |
this question is missing some explanation...
– nutty about natty
Aug 1 '18 at 7:24
this question is missing some explanation...
– nutty about natty
Aug 1 '18 at 7:24
this question is missing some explanation...
– nutty about natty
Aug 1 '18 at 7:24
add a comment |
You have both the key and the fingerprint? Run:
ssh-keygen -lf key.pub
against the key to get the fingerprint.
ssh-keygen
reference: http://www.manpagez.com/man/1/ssh-keygen/
3
ssh-keygen doesn't recognize "oracle_vbox.asc" as a public key file.
– Amanda
Jun 13 '11 at 22:09
my mistake, the command should be "ssh-keygen -lf" Do you still get a nerror?
– mvario
Jun 13 '11 at 22:30
4
This does not work.
– maxschlepzig
Jun 14 '12 at 22:39
ssh-keygen -lf oracle_vbox_2016.asc oracle_vbox_2016.asc is not a public key file.
– Scott Stensland
Jun 30 '16 at 0:20
1
ssh-keygen is not for PGP keys.
– Geoffrey
Oct 28 '18 at 2:42
add a comment |
You have both the key and the fingerprint? Run:
ssh-keygen -lf key.pub
against the key to get the fingerprint.
ssh-keygen
reference: http://www.manpagez.com/man/1/ssh-keygen/
3
ssh-keygen doesn't recognize "oracle_vbox.asc" as a public key file.
– Amanda
Jun 13 '11 at 22:09
my mistake, the command should be "ssh-keygen -lf" Do you still get a nerror?
– mvario
Jun 13 '11 at 22:30
4
This does not work.
– maxschlepzig
Jun 14 '12 at 22:39
ssh-keygen -lf oracle_vbox_2016.asc oracle_vbox_2016.asc is not a public key file.
– Scott Stensland
Jun 30 '16 at 0:20
1
ssh-keygen is not for PGP keys.
– Geoffrey
Oct 28 '18 at 2:42
add a comment |
You have both the key and the fingerprint? Run:
ssh-keygen -lf key.pub
against the key to get the fingerprint.
ssh-keygen
reference: http://www.manpagez.com/man/1/ssh-keygen/
You have both the key and the fingerprint? Run:
ssh-keygen -lf key.pub
against the key to get the fingerprint.
ssh-keygen
reference: http://www.manpagez.com/man/1/ssh-keygen/
edited Jun 24 '16 at 18:27
Eric Carvalho
42.6k17118148
42.6k17118148
answered Jun 13 '11 at 15:11
mvariomvario
61269
61269
3
ssh-keygen doesn't recognize "oracle_vbox.asc" as a public key file.
– Amanda
Jun 13 '11 at 22:09
my mistake, the command should be "ssh-keygen -lf" Do you still get a nerror?
– mvario
Jun 13 '11 at 22:30
4
This does not work.
– maxschlepzig
Jun 14 '12 at 22:39
ssh-keygen -lf oracle_vbox_2016.asc oracle_vbox_2016.asc is not a public key file.
– Scott Stensland
Jun 30 '16 at 0:20
1
ssh-keygen is not for PGP keys.
– Geoffrey
Oct 28 '18 at 2:42
add a comment |
3
ssh-keygen doesn't recognize "oracle_vbox.asc" as a public key file.
– Amanda
Jun 13 '11 at 22:09
my mistake, the command should be "ssh-keygen -lf" Do you still get a nerror?
– mvario
Jun 13 '11 at 22:30
4
This does not work.
– maxschlepzig
Jun 14 '12 at 22:39
ssh-keygen -lf oracle_vbox_2016.asc oracle_vbox_2016.asc is not a public key file.
– Scott Stensland
Jun 30 '16 at 0:20
1
ssh-keygen is not for PGP keys.
– Geoffrey
Oct 28 '18 at 2:42
3
3
ssh-keygen doesn't recognize "oracle_vbox.asc" as a public key file.
– Amanda
Jun 13 '11 at 22:09
ssh-keygen doesn't recognize "oracle_vbox.asc" as a public key file.
– Amanda
Jun 13 '11 at 22:09
my mistake, the command should be "ssh-keygen -lf" Do you still get a nerror?
– mvario
Jun 13 '11 at 22:30
my mistake, the command should be "ssh-keygen -lf" Do you still get a nerror?
– mvario
Jun 13 '11 at 22:30
4
4
This does not work.
– maxschlepzig
Jun 14 '12 at 22:39
This does not work.
– maxschlepzig
Jun 14 '12 at 22:39
ssh-keygen -lf oracle_vbox_2016.asc oracle_vbox_2016.asc is not a public key file.
– Scott Stensland
Jun 30 '16 at 0:20
ssh-keygen -lf oracle_vbox_2016.asc oracle_vbox_2016.asc is not a public key file.
– Scott Stensland
Jun 30 '16 at 0:20
1
1
ssh-keygen is not for PGP keys.
– Geoffrey
Oct 28 '18 at 2:42
ssh-keygen is not for PGP keys.
– Geoffrey
Oct 28 '18 at 2:42
add a comment |
This works with GPG 2 (at least I could check it with versions 2.1.18
and 2.2.12
):
wget http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc
gpg_home=$(mktemp -d)
gpg --homedir "$gpg_home" --import oracle_vbox.asc
# gpg: keybox '/tmp/tmp.CHoWuJBy7N/pubring.kbx' created
# gpg: /tmp/tmp.CHoWuJBy7N/trustdb.gpg: trustdb created
# gpg: key 54422A4B98AB5139: public key "Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>" imported
# gpg: Total number processed: 1
# gpg: imported: 1
gpg --homedir "$gpg_home" --list-keys
# /tmp/tmp.CHoWuJBy7N/pubring.kbx
# -------------------------------
# pub dsa1024 2010-05-18 [SC]
# 7B0FAB3A13B907435925D9C954422A4B98AB5139
# uid [ unknown] Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>
# sub elg2048 2010-05-18 [E]
#
Source: https://unix.stackexchange.com/a/468889
add a comment |
This works with GPG 2 (at least I could check it with versions 2.1.18
and 2.2.12
):
wget http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc
gpg_home=$(mktemp -d)
gpg --homedir "$gpg_home" --import oracle_vbox.asc
# gpg: keybox '/tmp/tmp.CHoWuJBy7N/pubring.kbx' created
# gpg: /tmp/tmp.CHoWuJBy7N/trustdb.gpg: trustdb created
# gpg: key 54422A4B98AB5139: public key "Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>" imported
# gpg: Total number processed: 1
# gpg: imported: 1
gpg --homedir "$gpg_home" --list-keys
# /tmp/tmp.CHoWuJBy7N/pubring.kbx
# -------------------------------
# pub dsa1024 2010-05-18 [SC]
# 7B0FAB3A13B907435925D9C954422A4B98AB5139
# uid [ unknown] Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>
# sub elg2048 2010-05-18 [E]
#
Source: https://unix.stackexchange.com/a/468889
add a comment |
This works with GPG 2 (at least I could check it with versions 2.1.18
and 2.2.12
):
wget http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc
gpg_home=$(mktemp -d)
gpg --homedir "$gpg_home" --import oracle_vbox.asc
# gpg: keybox '/tmp/tmp.CHoWuJBy7N/pubring.kbx' created
# gpg: /tmp/tmp.CHoWuJBy7N/trustdb.gpg: trustdb created
# gpg: key 54422A4B98AB5139: public key "Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>" imported
# gpg: Total number processed: 1
# gpg: imported: 1
gpg --homedir "$gpg_home" --list-keys
# /tmp/tmp.CHoWuJBy7N/pubring.kbx
# -------------------------------
# pub dsa1024 2010-05-18 [SC]
# 7B0FAB3A13B907435925D9C954422A4B98AB5139
# uid [ unknown] Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>
# sub elg2048 2010-05-18 [E]
#
Source: https://unix.stackexchange.com/a/468889
This works with GPG 2 (at least I could check it with versions 2.1.18
and 2.2.12
):
wget http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc
gpg_home=$(mktemp -d)
gpg --homedir "$gpg_home" --import oracle_vbox.asc
# gpg: keybox '/tmp/tmp.CHoWuJBy7N/pubring.kbx' created
# gpg: /tmp/tmp.CHoWuJBy7N/trustdb.gpg: trustdb created
# gpg: key 54422A4B98AB5139: public key "Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>" imported
# gpg: Total number processed: 1
# gpg: imported: 1
gpg --homedir "$gpg_home" --list-keys
# /tmp/tmp.CHoWuJBy7N/pubring.kbx
# -------------------------------
# pub dsa1024 2010-05-18 [SC]
# 7B0FAB3A13B907435925D9C954422A4B98AB5139
# uid [ unknown] Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>
# sub elg2048 2010-05-18 [E]
#
Source: https://unix.stackexchange.com/a/468889
edited 14 mins ago
answered 21 mins ago
ominugominug
16113
16113
add a comment |
add a comment |
Thanks for contributing an answer to Ask Ubuntu!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f48508%2fhow-do-i-verify-an-asc-key-fingerprint%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown