Hi,

Thomas George wrote:
>  I am going to erase everything I have done and start over.

There's no need for starting over. The SHA512SUMS file is meanwhile
authenticated by your run of:

> > gpg2 --verify SHA512SUMS.sign SHA512SUMS
> > [...]
> >   gpg: Good signature from "Debian CD signing key <debian...@lists.debian.org>" [unknown]
> > [...]
> > ...gpg: WARNING: This key is not certified with a trusted signature!
> > ......There is no indication that the signature belongs to the owner
> > ...Primary key fingerprint: DF9B9C49EAA9298432589D76DA87E80D6294BE9B

The warning is normal with the Debian keys and can be ignored.

Important is the key fingerprint, which is published on
  https://www.debian.org/CD/verify
as
  Key fingerprint = DF9B 9C49 EAA9 2984 3258  9D76 DA87 E80D 6294 BE9B

I would leave it to copy+paste and the computer to compare the strings.
Remove the blanks from the published number:

  echo "DF9B 9C49 EAA9 2984 3258  9D76 DA87 E80D 6294 BE9B" | sed -e 's/ //g'

which will respond by

  DF9B9C49EAA9298432589D76DA87E80D6294BE9B

Copy+paste the result and the string reported by gpg --verify to a
comparison command:

  test DF9B9C49EAA9298432589D76DA87E80D6294BE9B = DF9B9C49EAA9298432589D76DA87E80D6294BE9B && echo MATCH

which responds by

  MATCH

----------------------------------------------------------------------

So now you only have to verify the SHA512 checksum of the ISO by

  sha512sum -c SHA512SUMS

and watching out for the response

  debian-11.5.0-amd64-netinst.iso: OK


Have a nice day :)

Thomas
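
The three steps of the mail above (signature check, fingerprint comparison, checksum of the one ISO) as a single script. This is an added example, not part of the original mail; the function names are made up here, and it assumes gpg's machine-readable `--status-fd` output, where the last field of the VALIDSIG line is the primary key fingerprint.

```shell
#!/bin/sh
# Added example: automate the fingerprint comparison and the checksum step.

# Constructed sample of a `gpg --status-fd 1 --verify` line. All fields are
# made up except the fingerprint, which is the one quoted in the mail.
SAMPLE_STATUS='[GNUPG:] VALIDSIG DF9B9C49EAA9298432589D76DA87E80D6294BE9B 2022-09-10 1662800000 0 4 0 1 10 00 DF9B9C49EAA9298432589D76DA87E80D6294BE9B'

# Remove blanks and upper-case, so website and gpg notation compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr 'a-f' 'A-F'
}

# stdin: gpg status output. Prints the primary key fingerprint, which is
# assumed to be the last field of the VALIDSIG line.
validsig_fpr() {
    awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print $NF; exit }'
}

# $1: published fingerprint, stdin: gpg status output.
# Fails when there is no VALIDSIG line or the fingerprint differs.
signed_by() {
    want=$(normalize_fpr "$1")
    got=$(validsig_fpr)
    [ "${#want}" -eq 40 ] && [ "$got" = "$want" ]
}

# $1: checksum list, $2: ISO name. Checks only that ISO's line, so ISOs
# which were not downloaded cause no "No such file" messages.
check_iso() {
    line=$(awk -v f="$2" '$2 == f || $2 == ("*" f)' "$1")
    [ -n "$line" ] && printf '%s\n' "$line" | sha512sum -c -
}

# $1: published fingerprint, $2: ISO name. Run in the download directory.
verify_iso() {
    status=$(gpg --status-fd 1 --verify SHA512SUMS.sign SHA512SUMS 2>/dev/null) || return 1
    printf '%s\n' "$status" | signed_by "$1" || return 1
    check_iso SHA512SUMS "$2"
}

if [ "$#" -eq 2 ]; then
    verify_iso "$1" "$2" && echo VERIFIED || { echo FAILED >&2; exit 1; }
else
    # No arguments: demonstrate the comparison on the constructed sample.
    printf '%s\n' "$SAMPLE_STATUS" |
        signed_by 'DF9B 9C49 EAA9 2984 3258  9D76 DA87 E80D 6294 BE9B' && echo MATCH
fi
```

Called with the published fingerprint (in quotes) and the ISO name as its two arguments, it prints VERIFIED only if all three checks pass.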
