60 votes

How to add a third-party repo. and key in Debian?

You must NEVER install any 3rd party key with apt-key add, as suggested in other posts, because it would cause the system to accept signatures from the third-party keyholder on all other repositories ...
Trudy's user avatar
  • 1,054
24 votes

What is a vfat signature?

The signature partition is basically a mark/beacon that there is something there, and it is not empty. It also may identify a partition. It is useful in the context of several utilities/OS to tell the ...
Rui F Ribeiro's user avatar
9 votes
Accepted

apt seems to be ignoring Signed-By

apt checks file extensions, not file contents, to determine the file type of public keys. The resulting errors are, apparently, sometimes silent. Renaming the key to yuuki-deb.asc, and updating the ...
wizzwizz4's user avatar
  • 712
8 votes

How to encrypt a file with private key

You can encrypt with a private key and decrypt with its public key: To encrypt $ TEXT="proof that private key can encrypt and public key can decrypt" $ echo "$TEXT" | openssl ...
rsmoorthy's user avatar
  • 181
8 votes

apt seems to be ignoring Signed-By

For Debian releases older than Trixie (also known as Debian 13), the yuuki-deb documentation recommends the deprecated (since bullseye (also known as Debian 11)!) apt-key tool to add the gpg key and ...
GAD3R's user avatar
  • 69.9k
7 votes
Accepted

How to detach-sign a file with a specific private key? || Why this fails?

Solution I have been to remedy the situation using the following working example: gpg --local-user [fingerprint] --sign --armor --output somefile.tar.xz.asc --detach-sig somefile.tar.xz Parsing gpg: ...
Vlastimil Burián's user avatar
7 votes
Accepted

How can I check if there is a signature associated with a deb package?

dpkg-sig --list <deb-file.deb> will list any items in the file which look like a signature, without verifying the file. This will list the role of any signature in the file; e.g. $ dpkg-sig -l ...
Stephen Kitt's user avatar
7 votes

How to create a self-signed certificate for Okular PDF

Following @Bib's comment I did the following: Installed XCA Created a new certificate database and password for the database Created a certificate valid for digital signing only Exported it as a .p12-...
gaussian's user avatar
  • 314
6 votes
Accepted

What is the difference between a GPG signature and a detached signature?

What is the difference between a GPG signature and a detached signature? By "GPG signature" you mean a signed message. This is the data being signed and the signature combined into one file....
fuzzydrawrings's user avatar
6 votes

How do I view information contained in a file produced by `pdfsig -dump`?

The file can be inspected by the following command: $ openssl pkcs7 -inform der -text -print_certs -in your_file.pdf.sig0 Certificate: Data: Version: 3 (0x2) Serial Number: ... --...
Vi.'s user avatar
  • 6,005
5 votes
Accepted

Trouble verifying linux, even after downloading key I get "No public key"

You don’t have the right key; the 5.6.9 archive is signed by Greg Kroah-Hartman, not Linus. Running gpg --recv-keys 647F28654894E3BD457199BE38DBBDC86092693E will allow you to verify the archive. (...
Stephen Kitt's user avatar
4 votes

Invalid signature for Kali Linux: The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository

update the kali-archive-keyring package wget http://http.kali.org/kali/pool/main/k/kali-archive-keyring/kali-archive-keyring_2022.1_all.deb && sudo apt install ./kali-archive-keyring*.deb the ...
Time Killer's user avatar
3 votes

What is the difference between a GPG signature and a detached signature?

With -s, the output is the original document including the signature, in other words the output is the signed document. That explains why its size varies with the document size. With -b, the output is ...
berndbausch's user avatar
  • 3,740
3 votes
Accepted

Remove -- from signature in neomutt

This is controlled by the sig_dashes config option so simply add unset sig_dashes to your neomuttrc config file, see neomutt documentation for more information.
Vojtech Trefny's user avatar
3 votes
Accepted

Black screen in Guix System installation

I was able to install the system by putting "nomodeset" in grub. Follow the continuation here: https://issues.guix.gnu.org/44301
Pelian Pur's user avatar
3 votes
Accepted

BAD signature when installing specific package with apk after forced poweroff

Clearing my apk package cache by deleting all files in /var/cache/apk resolved this. # rm /var/cache/apk/* You can probably also get away by just deleting the relevant packages from said location by ...
Newbyte's user avatar
  • 1,462
3 votes
Accepted

dpkg-source: warning: failed to verify signature

I am unsure if this is the right solution to my problem, but since it resolved the warning, I will add it here: sudo apt-get install debian-keyring As pointed out by Stephen Kitt, there is another ...
Vlastimil Burián's user avatar
3 votes
Accepted

rpm --addsign complains about "no secret key"

My problem was the secret keys were created with a different Unix user than the daemon that needed them. I verified this by running, gpg --list-keys You have to dump the secret key, add it to the ...
Evan Carroll's user avatar
  • 35.1k
3 votes

How do I prevent gpg from including SHA1?

When it comes to DEB packages and repositories, we're talking about explicitly creating a signature. This is different to encrypting and signing a message for a known recipient key. In that case, gpg ...
Ichthyo's user avatar
  • 142
3 votes
Accepted

Installing Sublime Text with apt fails due to missing public key

I assumed that all processes reading the public key file would have root access. But it turns out likely not to be the case. Because setting the permissions to 0640 caused the issues I reported, and ...
tompi's user avatar
  • 312
3 votes

How to create a self-signed certificate for Okular PDF

The answer from @gaussian worked, but I needed to figure out a few more details that don't fit in a comment: In (2), I used the default filename XCADatabase.xdb from some other tutorial. In (3), I ...
Niles's user avatar
  • 131
3 votes
Accepted

File signing with minimum hassle for the verifier

Isn't there a more flexible, less obtrusive approach? Maybe not GPG but something else? BSD signify. You still have to exchange the public key at some point, but there's no keyring etc. toolname --...
Marcus Müller's user avatar
3 votes
Accepted

apt rejects sha1 and rsa1024 signatures after upgrade to version >= 2.9.19 - when GnuPG is replaced with Sequoia

To solve this: Create a folder to provide custom policy for Sequoia sudo mkdir -p /etc/crypto-policies/back-ends In this created folder, create and edit the custom policy file sequoia.config sudo ...
likewise's user avatar
  • 690
2 votes

Set default key in gpg for signing

These steps are for EVERY GPG signing. That is, you don’t want to use the tedious --default-key on the CLI anymore. List your signatures: gpg --list-signatures Select your key to be that default. ...
John Greene's user avatar
2 votes
Accepted

What happened to elfsign and elfverify?

That tool seems to be written by the same author of the paper skape ([email protected]). It's withheld from Debian for licensing reasons -- currently being under "The Clarified Artistic License". The ...
Evan Carroll's user avatar
  • 35.1k
2 votes

What is a vfat signature?

To add to the above answer, fdisk can print a warning about a filesystem signature detected if you run it on a partition instead of an entire disk. Example: # fdisk /dev/sda1 The device contains '...
rustyx's user avatar
  • 429
2 votes
Accepted

Correct way to verify PGP signature in BASH script (pinning exact long fingerprint)

Use gpgv: gpgv --homedir "${tmpDir}/gnupg" --keyring "${tmpDir}/gnupg/pubring.kbx" python_gnupg-0.4.6-py2.py3-none-any.whl.asc python_gnupg-0.4.6-py2.py3-none-any.whl It will only ...
Stephen Kitt's user avatar
2 votes
Accepted

GPG drops all non-self-signatures

Solved it. The right flag was --keyserver-options no-self-sigs-only, so for example gpg --verbose --keyserver-options no-self-sigs-only --keyserver keyserver.ubuntu.com --refresh-keys
mvphys's user avatar
  • 101
2 votes
Accepted

GPG : no more signatures of a fresh imported key

Sadly, it's the usual reason why we can't have nice things: someone found out how to abuse the GPG ecosystem, and then did exactly that. The SKS keyserver network has had known vulnerabilities for ...
telcoM's user avatar
  • 114k

Only top scored, non community-wiki answers of a minimum length are eligible