How do I verify an asc key fingerprint? Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 23, 2019 at 23:30 UTC (7:30pm US/Eastern)How to verify vbox key? gpg: verify signatures failedHow do I import a public key?How do I publish a GPG Key?Ubuntu 13.04 update and install issueHow to verify a gpg signed fileHow to verify if a exported gpg key is a public or a private oneGnupg gpg2 IDEAEncrypt file with .asc extension from NautilusPGP Enigmail Problem, can no longer decrypt or sign my own messagesIs there a way for a casual user to verify the authenticity of a downloaded Ubuntu .ISO?How to verify vbox key? gpg: verify signatures failed

How to name indistinguishable henchmen in a screenplay?

Why did Bronn offer to be Tyrion Lannister's champion in trial by combat?

Short story about astronauts fertilizing soil with their own bodies

3D Masyu - A Die

What's the connection between Mr. Nancy and fried chicken?

How can I introduce the names of fantasy creatures to the reader?

Why are current probes so expensive?

Why is there so little support for joining EFTA in the British parliament?

"Destructive power" carried by a B-52?

Restricting the Object Type for the get method in java HashMap

Is there a verb for listening stealthily?

Why does BitLocker not use RSA?

Marquee sign letters

Asymmetric or symmetric - which makes sense in this scenario?

Is my guitar action too high?

Is there a canonical “inverse” of Abelianization?

How to make an animal which can only breed for a certain number of generations?

Improvising over quartal voicings

Unicode symbols with XeLaTeX and Lato font

Does the main washing effect of soap come from foam?

Is honorific speech ever used in the first person?

Can a Knight grant Knighthood to another?

Bash script to execute command with file from directory and condition

Can stored/leased 737s be used to substitute for grounded MAXs?



How do I verify an asc key fingerprint?



Announcing the arrival of Valued Associate #679: Cesar Manara
Planned maintenance scheduled April 23, 2019 at 23:30 UTC (7:30pm US/Eastern)How to verify vbox key? gpg: verify signatures failedHow do I import a public key?How do I publish a GPG Key?Ubuntu 13.04 update and install issueHow to verify a gpg signed fileHow to verify if a exported gpg key is a public or a private oneGnupg gpg2 IDEAEncrypt file with .asc extension from NautilusPGP Enigmail Problem, can no longer decrypt or sign my own messagesIs there a way for a casual user to verify the authenticity of a downloaded Ubuntu .ISO?How to verify vbox key? gpg: verify signatures failed



.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








14















At the moment, I'm trying to check the fingerprint of the oracle_vbox.asc key that I downloaded from http://www.virtualbox.org/wiki/Linux_Downloads: they provide the key and the fingerprint but no instructions for reviewing this information myself.



How do I show the fingerprint of the key I just downloaded?



apt-key finger oracle_vbox.asc shows the fingerprints of all trusted keys, which isn't what I want.










share|improve this question






























    14















    At the moment, I'm trying to check the fingerprint of the oracle_vbox.asc key that I downloaded from http://www.virtualbox.org/wiki/Linux_Downloads: they provide the key and the fingerprint but no instructions for reviewing this information myself.



    How do I show the fingerprint of the key I just downloaded?



    apt-key finger oracle_vbox.asc shows the fingerprints of all trusted keys, which isn't what I want.










    share|improve this question


























      14












      14








      14


      4






      At the moment, I'm trying to check the fingerprint of the oracle_vbox.asc key that I downloaded from http://www.virtualbox.org/wiki/Linux_Downloads: they provide the key and the fingerprint but no instructions for reviewing this information myself.



      How do I show the fingerprint of the key I just downloaded?



      apt-key finger oracle_vbox.asc shows the fingerprints of all trusted keys, which isn't what I want.










      share|improve this question
















      At the moment, I'm trying to check the fingerprint of the oracle_vbox.asc key that I downloaded from http://www.virtualbox.org/wiki/Linux_Downloads: they provide the key and the fingerprint but no instructions for reviewing this information myself.



      How do I show the fingerprint of the key I just downloaded?



      apt-key finger oracle_vbox.asc shows the fingerprints of all trusted keys, which isn't what I want.







      gnupg






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Jun 24 '14 at 20:30









      Braiam

      52.7k20138225




      52.7k20138225










      asked Jun 13 '11 at 13:24









      AmandaAmanda

      4,360104386




      4,360104386




















          4 Answers
          4






          active

          oldest

          votes


















          17














          $ wget http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc
          $ gpg --with-fingerprint oracle_vbox.asc
          pub 1024D/98AB5139 2010-05-18 Oracle Corporation
          (VirtualBox archive signing key) <info@virtualbox.org>
          Key fingerprint = 7B0F AB3A 13B9 0743 5925 D9C9 5442 2A4B 98AB 5139
          sub 2048g/281DDC4B 2010-05-18





          share|improve this answer

























          • Is there an analogous command without using gpg? I mean, in SSH, I can do cat ./id_rsa.pub | awk 'print $2' | base64 -d | md5sum and it will return me an MD5 hash which is equal to the fingerprint hash of ssh -lf ./id_rsa.pub. Is there a similar way to do it with GPG public keys?

            – user3019105
            Sep 13 '15 at 9:16






          • 2





            @user3019105, no, there is not. The format of a PGP public key is a little bit more complicated. See RFC 4880 and the GPG source code for details.

            – maxschlepzig
            Sep 13 '15 at 9:58











          • The RFC says (about MD5 deprecated fingerprints): The fingerprint of a V3 key is formed by hashing the body (but not the two-octet length) of the MPIs that form the key material (public modulus n, followed by exponent e) with MD5., can't I get this MPIs' body given an ASCII Armor (Radix-64) public key file?

            – user3019105
            Sep 13 '15 at 10:06











          • @user3019105, you can. You can duplicate what is already implemented in GPG. But such a command line would be quite more elaborate than the one you've posted for an ssh public key. Thus, it wouldn't be analogous.

            – maxschlepzig
            Sep 13 '15 at 10:13











          • Ok thanks, but I still need to find out how to get the body of the MPIs that form the key material the RFC talks about

            – user3019105
            Sep 13 '15 at 10:19


















          3














          Step 1



          $ deb http://download.virtualbox.org/virtualbox/debian artful contrib



          Step 2



          $ wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -



          Step 3



          $ apt-key list


          or, equivalently,



          $ apt-key finger


          which should return



          /etc/apt/trusted.gpg
          --------------------
          pub rsa4096 2016-04-22 [SC]
          B9F8 D658 297A F3EF C18D 5CDF A2F6 83C5 2980 AECF
          uid [ unknown] Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>
          sub rsa4096 2016-04-22 [E]


          which in turn should be equivalent to




          The key fingerprint for oracle_vbox_2016.asc is



          B9F8 D658 297A F3EF C18D 5CDF A2F6 83C5 2980 AECF
          Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>



          on https://www.virtualbox.org/wiki/Linux_Downloads, either by visual inspection or further command line fu.




          Related links:



          • Exchanging keys - GnuPG

          • https://www.torproject.org/docs/verifying-signatures.html.en





          share|improve this answer























          • this question is missing some explanation...

            – nutty about natty
            Aug 1 '18 at 7:24


















          0














          You have both the key and the fingerprint? Run:



          ssh-keygen -lf key.pub


          against the key to get the fingerprint.



          ssh-keygen reference: http://www.manpagez.com/man/1/ssh-keygen/






          share|improve this answer




















          • 3





            ssh-keygen doesn't recognize "oracle_vbox.asc" as a public key file.

            – Amanda
            Jun 13 '11 at 22:09











          • my mistake, the command should be "ssh-keygen -lf" Do you still get a nerror?

            – mvario
            Jun 13 '11 at 22:30







          • 4





            This does not work.

            – maxschlepzig
            Jun 14 '12 at 22:39











          • ssh-keygen -lf oracle_vbox_2016.asc oracle_vbox_2016.asc is not a public key file.

            – Scott Stensland
            Jun 30 '16 at 0:20







          • 1





            ssh-keygen is not for PGP keys.

            – Geoffrey
            Oct 28 '18 at 2:42


















          0














          This works with GPG 2 (at least I could check it with versions 2.1.18 and 2.2.12):



          wget http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc
          gpg_home=$(mktemp -d)
          gpg --homedir "$gpg_home" --import oracle_vbox.asc
          # gpg: keybox '/tmp/tmp.CHoWuJBy7N/pubring.kbx' created
          # gpg: /tmp/tmp.CHoWuJBy7N/trustdb.gpg: trustdb created
          # gpg: key 54422A4B98AB5139: public key "Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>" imported
          # gpg: Total number processed: 1
          # gpg: imported: 1
          gpg --homedir "$gpg_home" --list-keys
          # /tmp/tmp.CHoWuJBy7N/pubring.kbx
          # -------------------------------
          # pub dsa1024 2010-05-18 [SC]
          # 7B0FAB3A13B907435925D9C954422A4B98AB5139
          # uid [ unknown] Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>
          # sub elg2048 2010-05-18 [E]
          #


          Source: https://unix.stackexchange.com/a/468889






          share|improve this answer

























            Your Answer








            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "89"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader:
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            ,
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );













            draft saved

            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f48508%2fhow-do-i-verify-an-asc-key-fingerprint%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown

























            4 Answers
            4






            active

            oldest

            votes








            4 Answers
            4






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            17














            $ wget http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc
            $ gpg --with-fingerprint oracle_vbox.asc
            pub 1024D/98AB5139 2010-05-18 Oracle Corporation
            (VirtualBox archive signing key) <info@virtualbox.org>
            Key fingerprint = 7B0F AB3A 13B9 0743 5925 D9C9 5442 2A4B 98AB 5139
            sub 2048g/281DDC4B 2010-05-18





            share|improve this answer

























            • Is there an analogous command without using gpg? I mean, in SSH, I can do cat ./id_rsa.pub | awk 'print $2' | base64 -d | md5sum and it will return me an MD5 hash which is equal to the fingerprint hash of ssh -lf ./id_rsa.pub. Is there a similar way to do it with GPG public keys?

              – user3019105
              Sep 13 '15 at 9:16






            • 2





              @user3019105, no, there is not. The format of a PGP public key is a little bit more complicated. See RFC 4880 and the GPG source code for details.

              – maxschlepzig
              Sep 13 '15 at 9:58











            • The RFC says (about MD5 deprecated fingerprints): The fingerprint of a V3 key is formed by hashing the body (but not the two-octet length) of the MPIs that form the key material (public modulus n, followed by exponent e) with MD5., can't I get this MPIs' body given an ASCII Armor (Radix-64) public key file?

              – user3019105
              Sep 13 '15 at 10:06











            • @user3019105, you can. You can duplicate what is already implemented in GPG. But such a command line would be quite more elaborate than the one you've posted for an ssh public key. Thus, it wouldn't be analogous.

              – maxschlepzig
              Sep 13 '15 at 10:13











            • Ok thanks, but I still need to find out how to get the body of the MPIs that form the key material the RFC talks about

              – user3019105
              Sep 13 '15 at 10:19















            17














            $ wget http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc
            $ gpg --with-fingerprint oracle_vbox.asc
            pub 1024D/98AB5139 2010-05-18 Oracle Corporation
            (VirtualBox archive signing key) <info@virtualbox.org>
            Key fingerprint = 7B0F AB3A 13B9 0743 5925 D9C9 5442 2A4B 98AB 5139
            sub 2048g/281DDC4B 2010-05-18





            share|improve this answer

























            • Is there an analogous command without using gpg? I mean, in SSH, I can do cat ./id_rsa.pub | awk 'print $2' | base64 -d | md5sum and it will return me an MD5 hash which is equal to the fingerprint hash of ssh -lf ./id_rsa.pub. Is there a similar way to do it with GPG public keys?

              – user3019105
              Sep 13 '15 at 9:16






            • 2





              @user3019105, no, there is not. The format of a PGP public key is a little bit more complicated. See RFC 4880 and the GPG source code for details.

              – maxschlepzig
              Sep 13 '15 at 9:58











            • The RFC says (about MD5 deprecated fingerprints): The fingerprint of a V3 key is formed by hashing the body (but not the two-octet length) of the MPIs that form the key material (public modulus n, followed by exponent e) with MD5., can't I get this MPIs' body given an ASCII Armor (Radix-64) public key file?

              – user3019105
              Sep 13 '15 at 10:06











            • @user3019105, you can. You can duplicate what is already implemented in GPG. But such a command line would be quite more elaborate than the one you've posted for an ssh public key. Thus, it wouldn't be analogous.

              – maxschlepzig
              Sep 13 '15 at 10:13











            • Ok thanks, but I still need to find out how to get the body of the MPIs that form the key material the RFC talks about

              – user3019105
              Sep 13 '15 at 10:19













            17












            17








            17







            $ wget http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc
            $ gpg --with-fingerprint oracle_vbox.asc
            pub 1024D/98AB5139 2010-05-18 Oracle Corporation
            (VirtualBox archive signing key) <info@virtualbox.org>
            Key fingerprint = 7B0F AB3A 13B9 0743 5925 D9C9 5442 2A4B 98AB 5139
            sub 2048g/281DDC4B 2010-05-18





            share|improve this answer















            $ wget http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc
            $ gpg --with-fingerprint oracle_vbox.asc
            pub 1024D/98AB5139 2010-05-18 Oracle Corporation
            (VirtualBox archive signing key) <info@virtualbox.org>
            Key fingerprint = 7B0F AB3A 13B9 0743 5925 D9C9 5442 2A4B 98AB 5139
            sub 2048g/281DDC4B 2010-05-18






            share|improve this answer














            share|improve this answer



            share|improve this answer








            edited Nov 28 '17 at 20:47









            nutty about natty

            3,36173055




            3,36173055










            answered Jun 14 '12 at 22:36









            maxschlepzigmaxschlepzig

            1,94931930




            1,94931930












            • Is there an analogous command without using gpg? I mean, in SSH, I can do cat ./id_rsa.pub | awk 'print $2' | base64 -d | md5sum and it will return me an MD5 hash which is equal to the fingerprint hash of ssh -lf ./id_rsa.pub. Is there a similar way to do it with GPG public keys?

              – user3019105
              Sep 13 '15 at 9:16






            • 2





              @user3019105, no, there is not. The format of a PGP public key is a little bit more complicated. See RFC 4880 and the GPG source code for details.

              – maxschlepzig
              Sep 13 '15 at 9:58











            • The RFC says (about MD5 deprecated fingerprints): The fingerprint of a V3 key is formed by hashing the body (but not the two-octet length) of the MPIs that form the key material (public modulus n, followed by exponent e) with MD5., can't I get this MPIs' body given an ASCII Armor (Radix-64) public key file?

              – user3019105
              Sep 13 '15 at 10:06











            • @user3019105, you can. You can duplicate what is already implemented in GPG. But such a command line would be quite more elaborate than the one you've posted for an ssh public key. Thus, it wouldn't be analogous.

              – maxschlepzig
              Sep 13 '15 at 10:13











            • Ok thanks, but I still need to find out how to get the body of the MPIs that form the key material the RFC talks about

              – user3019105
              Sep 13 '15 at 10:19

















            • Is there an analogous command without using gpg? I mean, in SSH, I can do cat ./id_rsa.pub | awk 'print $2' | base64 -d | md5sum and it will return me an MD5 hash which is equal to the fingerprint hash of ssh -lf ./id_rsa.pub. Is there a similar way to do it with GPG public keys?

              – user3019105
              Sep 13 '15 at 9:16






            • 2





              @user3019105, no, there is not. The format of a PGP public key is a little bit more complicated. See RFC 4880 and the GPG source code for details.

              – maxschlepzig
              Sep 13 '15 at 9:58











            • The RFC says (about MD5 deprecated fingerprints): The fingerprint of a V3 key is formed by hashing the body (but not the two-octet length) of the MPIs that form the key material (public modulus n, followed by exponent e) with MD5., can't I get this MPIs' body given an ASCII Armor (Radix-64) public key file?

              – user3019105
              Sep 13 '15 at 10:06











            • @user3019105, you can. You can duplicate what is already implemented in GPG. But such a command line would be quite more elaborate than the one you've posted for an ssh public key. Thus, it wouldn't be analogous.

              – maxschlepzig
              Sep 13 '15 at 10:13











            • Ok thanks, but I still need to find out how to get the body of the MPIs that form the key material the RFC talks about

              – user3019105
              Sep 13 '15 at 10:19
















            Is there an analogous command without using gpg? I mean, in SSH, I can do cat ./id_rsa.pub | awk 'print $2' | base64 -d | md5sum and it will return me an MD5 hash which is equal to the fingerprint hash of ssh -lf ./id_rsa.pub. Is there a similar way to do it with GPG public keys?

            – user3019105
            Sep 13 '15 at 9:16





            Is there an analogous command without using gpg? I mean, in SSH, I can do cat ./id_rsa.pub | awk 'print $2' | base64 -d | md5sum and it will return me an MD5 hash which is equal to the fingerprint hash of ssh -lf ./id_rsa.pub. Is there a similar way to do it with GPG public keys?

            – user3019105
            Sep 13 '15 at 9:16




            2




            2





            @user3019105, no, there is not. The format of a PGP public key is a little bit more complicated. See RFC 4880 and the GPG source code for details.

            – maxschlepzig
            Sep 13 '15 at 9:58





            @user3019105, no, there is not. The format of a PGP public key is a little bit more complicated. See RFC 4880 and the GPG source code for details.

            – maxschlepzig
            Sep 13 '15 at 9:58













            The RFC says (about MD5 deprecated fingerprints): The fingerprint of a V3 key is formed by hashing the body (but not the two-octet length) of the MPIs that form the key material (public modulus n, followed by exponent e) with MD5., can't I get this MPIs' body given an ASCII Armor (Radix-64) public key file?

            – user3019105
            Sep 13 '15 at 10:06





            The RFC says (about MD5 deprecated fingerprints): The fingerprint of a V3 key is formed by hashing the body (but not the two-octet length) of the MPIs that form the key material (public modulus n, followed by exponent e) with MD5., can't I get this MPIs' body given an ASCII Armor (Radix-64) public key file?

            – user3019105
            Sep 13 '15 at 10:06













            @user3019105, you can. You can duplicate what is already implemented in GPG. But such a command line would be quite more elaborate than the one you've posted for an ssh public key. Thus, it wouldn't be analogous.

            – maxschlepzig
            Sep 13 '15 at 10:13





            @user3019105, you can. You can duplicate what is already implemented in GPG. But such a command line would be quite more elaborate than the one you've posted for an ssh public key. Thus, it wouldn't be analogous.

            – maxschlepzig
            Sep 13 '15 at 10:13













            Ok thanks, but I still need to find out how to get the body of the MPIs that form the key material the RFC talks about

            – user3019105
            Sep 13 '15 at 10:19





            Ok thanks, but I still need to find out how to get the body of the MPIs that form the key material the RFC talks about

            – user3019105
            Sep 13 '15 at 10:19













            3














            Step 1



            $ deb http://download.virtualbox.org/virtualbox/debian artful contrib



            Step 2



            $ wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -



            Step 3



            $ apt-key list


            or, equivalently,



            $ apt-key finger


            which should return



            /etc/apt/trusted.gpg
            --------------------
            pub rsa4096 2016-04-22 [SC]
            B9F8 D658 297A F3EF C18D 5CDF A2F6 83C5 2980 AECF
            uid [ unknown] Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>
            sub rsa4096 2016-04-22 [E]


            which in turn should be equivalent to




            The key fingerprint for oracle_vbox_2016.asc is



            B9F8 D658 297A F3EF C18D 5CDF A2F6 83C5 2980 AECF
            Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>



            on https://www.virtualbox.org/wiki/Linux_Downloads, either by visual inspection or further command line fu.




            Related links:



            • Exchanging keys - GnuPG

            • https://www.torproject.org/docs/verifying-signatures.html.en





            share|improve this answer























            • this question is missing some explanation...

              – nutty about natty
              Aug 1 '18 at 7:24















            3














            Step 1



            $ deb http://download.virtualbox.org/virtualbox/debian artful contrib



            Step 2



            $ wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -



            Step 3



            $ apt-key list


            or, equivalently,



            $ apt-key finger


            which should return



            /etc/apt/trusted.gpg
            --------------------
            pub rsa4096 2016-04-22 [SC]
            B9F8 D658 297A F3EF C18D 5CDF A2F6 83C5 2980 AECF
            uid [ unknown] Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>
            sub rsa4096 2016-04-22 [E]


            which in turn should be equivalent to




            The key fingerprint for oracle_vbox_2016.asc is



            B9F8 D658 297A F3EF C18D 5CDF A2F6 83C5 2980 AECF
            Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>



            on https://www.virtualbox.org/wiki/Linux_Downloads, either by visual inspection or further command line fu.




            Related links:



            • Exchanging keys - GnuPG

            • https://www.torproject.org/docs/verifying-signatures.html.en





            share|improve this answer























            • this question is missing some explanation...

              – nutty about natty
              Aug 1 '18 at 7:24













            3












            3








            3







            Step 1



            $ deb http://download.virtualbox.org/virtualbox/debian artful contrib



            Step 2



            $ wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -



            Step 3



            $ apt-key list


            or, equivalently,



            $ apt-key finger


            which should return



            /etc/apt/trusted.gpg
            --------------------
            pub rsa4096 2016-04-22 [SC]
            B9F8 D658 297A F3EF C18D 5CDF A2F6 83C5 2980 AECF
            uid [ unknown] Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>
            sub rsa4096 2016-04-22 [E]


            which in turn should be equivalent to




            The key fingerprint for oracle_vbox_2016.asc is



            B9F8 D658 297A F3EF C18D 5CDF A2F6 83C5 2980 AECF
            Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>



            on https://www.virtualbox.org/wiki/Linux_Downloads, either by visual inspection or further command line fu.




            Related links:



            • Exchanging keys - GnuPG

            • https://www.torproject.org/docs/verifying-signatures.html.en





            share|improve this answer













            Step 1



            $ deb http://download.virtualbox.org/virtualbox/debian artful contrib



            Step 2



            $ wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -



            Step 3



            $ apt-key list


            or, equivalently,



            $ apt-key finger


            which should return



            /etc/apt/trusted.gpg
            --------------------
            pub rsa4096 2016-04-22 [SC]
            B9F8 D658 297A F3EF C18D 5CDF A2F6 83C5 2980 AECF
            uid [ unknown] Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>
            sub rsa4096 2016-04-22 [E]


            which in turn should be equivalent to




            The key fingerprint for oracle_vbox_2016.asc is



            B9F8 D658 297A F3EF C18D 5CDF A2F6 83C5 2980 AECF
            Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>



            on https://www.virtualbox.org/wiki/Linux_Downloads, either by visual inspection or further command line fu.




            Related links:



            • Exchanging keys - GnuPG

            • https://www.torproject.org/docs/verifying-signatures.html.en






            share|improve this answer












            share|improve this answer



            share|improve this answer










            answered Nov 28 '17 at 20:46









            nutty about nattynutty about natty

            3,36173055




            3,36173055












            • this question is missing some explanation...

              – nutty about natty
              Aug 1 '18 at 7:24

















            • this question is missing some explanation...

              – nutty about natty
              Aug 1 '18 at 7:24
















            this question is missing some explanation...

            – nutty about natty
            Aug 1 '18 at 7:24





            this question is missing some explanation...

            – nutty about natty
            Aug 1 '18 at 7:24











            0














            You have both the key and the fingerprint? Run:



            ssh-keygen -lf key.pub


            against the key to get the fingerprint.



            ssh-keygen reference: http://www.manpagez.com/man/1/ssh-keygen/






            share|improve this answer




















            • 3





              ssh-keygen doesn't recognize "oracle_vbox.asc" as a public key file.

              – Amanda
              Jun 13 '11 at 22:09











            • my mistake, the command should be "ssh-keygen -lf" Do you still get a nerror?

              – mvario
              Jun 13 '11 at 22:30







            • 4





              This does not work.

              – maxschlepzig
              Jun 14 '12 at 22:39











            • ssh-keygen -lf oracle_vbox_2016.asc oracle_vbox_2016.asc is not a public key file.

              – Scott Stensland
              Jun 30 '16 at 0:20







            • 1





              ssh-keygen is not for PGP keys.

              – Geoffrey
              Oct 28 '18 at 2:42















            0














            You have both the key and the fingerprint? Run:



            ssh-keygen -lf key.pub


            against the key to get the fingerprint.



            ssh-keygen reference: http://www.manpagez.com/man/1/ssh-keygen/






            share|improve this answer




















            • 3





              ssh-keygen doesn't recognize "oracle_vbox.asc" as a public key file.

              – Amanda
              Jun 13 '11 at 22:09











            • my mistake, the command should be "ssh-keygen -lf" Do you still get a nerror?

              – mvario
              Jun 13 '11 at 22:30







            • 4





              This does not work.

              – maxschlepzig
              Jun 14 '12 at 22:39











            • ssh-keygen -lf oracle_vbox_2016.asc oracle_vbox_2016.asc is not a public key file.

              – Scott Stensland
              Jun 30 '16 at 0:20







            • 1





              ssh-keygen is not for PGP keys.

              – Geoffrey
              Oct 28 '18 at 2:42













            0












            0








            0







            You have both the key and the fingerprint? Run:



            ssh-keygen -lf key.pub


            against the key to get the fingerprint.



            ssh-keygen reference: http://www.manpagez.com/man/1/ssh-keygen/






            share|improve this answer















            You have both the key and the fingerprint? Run:



            ssh-keygen -lf key.pub


            against the key to get the fingerprint.



            ssh-keygen reference: http://www.manpagez.com/man/1/ssh-keygen/







            share|improve this answer














            share|improve this answer



            share|improve this answer








            edited Jun 24 '16 at 18:27









            Eric Carvalho

            42.6k17118148




            42.6k17118148










            answered Jun 13 '11 at 15:11









            mvariomvario

            61269




            61269







            • 3





              ssh-keygen doesn't recognize "oracle_vbox.asc" as a public key file.

              – Amanda
              Jun 13 '11 at 22:09











            • my mistake, the command should be "ssh-keygen -lf" Do you still get a nerror?

              – mvario
              Jun 13 '11 at 22:30







            • 4





              This does not work.

              – maxschlepzig
              Jun 14 '12 at 22:39











            • ssh-keygen -lf oracle_vbox_2016.asc oracle_vbox_2016.asc is not a public key file.

              – Scott Stensland
              Jun 30 '16 at 0:20







            • 1





              ssh-keygen is not for PGP keys.

              – Geoffrey
              Oct 28 '18 at 2:42












            • 3





              ssh-keygen doesn't recognize "oracle_vbox.asc" as a public key file.

              – Amanda
              Jun 13 '11 at 22:09











            • my mistake, the command should be "ssh-keygen -lf" Do you still get a nerror?

              – mvario
              Jun 13 '11 at 22:30







            • 4





              This does not work.

              – maxschlepzig
              Jun 14 '12 at 22:39











            • ssh-keygen -lf oracle_vbox_2016.asc oracle_vbox_2016.asc is not a public key file.

              – Scott Stensland
              Jun 30 '16 at 0:20







            • 1





              ssh-keygen is not for PGP keys.

              – Geoffrey
              Oct 28 '18 at 2:42







            3




            3





            ssh-keygen doesn't recognize "oracle_vbox.asc" as a public key file.

            – Amanda
            Jun 13 '11 at 22:09





            ssh-keygen doesn't recognize "oracle_vbox.asc" as a public key file.

            – Amanda
            Jun 13 '11 at 22:09













            my mistake, the command should be "ssh-keygen -lf" Do you still get a nerror?

            – mvario
            Jun 13 '11 at 22:30






            my mistake, the command should be "ssh-keygen -lf" Do you still get a nerror?

            – mvario
            Jun 13 '11 at 22:30





            4




            4





            This does not work.

            – maxschlepzig
            Jun 14 '12 at 22:39





            This does not work.

            – maxschlepzig
            Jun 14 '12 at 22:39













            ssh-keygen -lf oracle_vbox_2016.asc oracle_vbox_2016.asc is not a public key file.

            – Scott Stensland
            Jun 30 '16 at 0:20






            ssh-keygen -lf oracle_vbox_2016.asc oracle_vbox_2016.asc is not a public key file.

            – Scott Stensland
            Jun 30 '16 at 0:20





            1




            1





            ssh-keygen is not for PGP keys.

            – Geoffrey
            Oct 28 '18 at 2:42





            ssh-keygen is not for PGP keys.

            – Geoffrey
            Oct 28 '18 at 2:42











            0














            This works with GPG 2 (at least I could check it with versions 2.1.18 and 2.2.12):



            wget http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc
            gpg_home=$(mktemp -d)
            gpg --homedir "$gpg_home" --import oracle_vbox.asc
            # gpg: keybox '/tmp/tmp.CHoWuJBy7N/pubring.kbx' created
            # gpg: /tmp/tmp.CHoWuJBy7N/trustdb.gpg: trustdb created
            # gpg: key 54422A4B98AB5139: public key "Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>" imported
            # gpg: Total number processed: 1
            # gpg: imported: 1
            gpg --homedir "$gpg_home" --list-keys
            # /tmp/tmp.CHoWuJBy7N/pubring.kbx
            # -------------------------------
            # pub dsa1024 2010-05-18 [SC]
            # 7B0FAB3A13B907435925D9C954422A4B98AB5139
            # uid [ unknown] Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>
            # sub elg2048 2010-05-18 [E]
            #


            Source: https://unix.stackexchange.com/a/468889






            share|improve this answer





























              0














              This works with GPG 2 (at least I could check it with versions 2.1.18 and 2.2.12):



              wget http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc
              gpg_home=$(mktemp -d)
              gpg --homedir "$gpg_home" --import oracle_vbox.asc
              # gpg: keybox '/tmp/tmp.CHoWuJBy7N/pubring.kbx' created
              # gpg: /tmp/tmp.CHoWuJBy7N/trustdb.gpg: trustdb created
              # gpg: key 54422A4B98AB5139: public key "Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>" imported
              # gpg: Total number processed: 1
              # gpg: imported: 1
              gpg --homedir "$gpg_home" --list-keys
              # /tmp/tmp.CHoWuJBy7N/pubring.kbx
              # -------------------------------
              # pub dsa1024 2010-05-18 [SC]
              # 7B0FAB3A13B907435925D9C954422A4B98AB5139
              # uid [ unknown] Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>
              # sub elg2048 2010-05-18 [E]
              #


              Source: https://unix.stackexchange.com/a/468889






              share|improve this answer



























                0












                0








                0







                This works with GPG 2 (at least I could check it with versions 2.1.18 and 2.2.12):



                wget http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc
                gpg_home=$(mktemp -d)
                gpg --homedir "$gpg_home" --import oracle_vbox.asc
                # gpg: keybox '/tmp/tmp.CHoWuJBy7N/pubring.kbx' created
                # gpg: /tmp/tmp.CHoWuJBy7N/trustdb.gpg: trustdb created
                # gpg: key 54422A4B98AB5139: public key "Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>" imported
                # gpg: Total number processed: 1
                # gpg: imported: 1
                gpg --homedir "$gpg_home" --list-keys
                # /tmp/tmp.CHoWuJBy7N/pubring.kbx
                # -------------------------------
                # pub dsa1024 2010-05-18 [SC]
                # 7B0FAB3A13B907435925D9C954422A4B98AB5139
                # uid [ unknown] Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>
                # sub elg2048 2010-05-18 [E]
                #


                Source: https://unix.stackexchange.com/a/468889






                share|improve this answer















                This works with GPG 2 (at least I could check it with versions 2.1.18 and 2.2.12):



                wget http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc
                gpg_home=$(mktemp -d)
                gpg --homedir "$gpg_home" --import oracle_vbox.asc
                # gpg: keybox '/tmp/tmp.CHoWuJBy7N/pubring.kbx' created
                # gpg: /tmp/tmp.CHoWuJBy7N/trustdb.gpg: trustdb created
                # gpg: key 54422A4B98AB5139: public key "Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>" imported
                # gpg: Total number processed: 1
                # gpg: imported: 1
                gpg --homedir "$gpg_home" --list-keys
                # /tmp/tmp.CHoWuJBy7N/pubring.kbx
                # -------------------------------
                # pub dsa1024 2010-05-18 [SC]
                # 7B0FAB3A13B907435925D9C954422A4B98AB5139
                # uid [ unknown] Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>
                # sub elg2048 2010-05-18 [E]
                #


                Source: https://unix.stackexchange.com/a/468889







                share|improve this answer














                share|improve this answer



                share|improve this answer








                edited 14 mins ago

























                answered 21 mins ago









                ominugominug

                16113




                16113



























                    draft saved

                    draft discarded
















































                    Thanks for contributing an answer to Ask Ubuntu!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid


                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.

                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f48508%2fhow-do-i-verify-an-asc-key-fingerprint%23new-answer', 'question_page');

                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    Möglingen Índice Localización Historia Demografía Referencias Enlaces externos Menú de navegación48°53′18″N 9°07′45″E / 48.888333333333, 9.129166666666748°53′18″N 9°07′45″E / 48.888333333333, 9.1291666666667Sitio web oficial Mapa de Möglingen«Gemeinden in Deutschland nach Fläche, Bevölkerung und Postleitzahl am 30.09.2016»Möglingen

                    Virtualbox - Configuration error: Querying “UUID” failed (VERR_CFGM_VALUE_NOT_FOUND)“VERR_SUPLIB_WORLD_WRITABLE” error when trying to installing OS in virtualboxVirtual Box Kernel errorFailed to open a seesion for the virtual machineFailed to open a session for the virtual machineUbuntu 14.04 LTS Virtualbox errorcan't use VM VirtualBoxusing virtualboxI can't run Linux-64 Bit on VirtualBoxUnable to insert the virtual optical disk (VBoxguestaddition) in virtual machine for ubuntu server in win 10VirtuaBox in Ubuntu 18.04 Issues with Win10.ISO Installation

                    Torre de la Isleta Índice Véase también Referencias Bibliografía Enlaces externos Menú de navegación38°25′58″N 0°23′02″O / 38.43277778, -0.3838888938°25′58″N 0°23′02″O / 38.43277778, -0.38388889Torre de la Illeta de l’Horta o Torre Saleta. Base de datos de bienes inmuebles. Patrimonio Cultural. Secretaría de Estado de CulturaFicha BIC Torre de la Illeta de l’Horta. Dirección General de Patrimonio Cultural. Generalitat ValencianaLugares de interés. Ayuntamiento del CampelloTorre de la Isleta en CastillosNet.org