On Fri, Mar 28, 2025 at 8:42 PM Pier Antonio Corradini <pierantonio.corrad...@gmail.com> wrote: > > I think I got it: the final step is to compare the fingerprint of the primary > key, at the end of the command output > > PS C:\Users\CP\Documents\Linux\Debian12.10.0\HTTPVersion> gpg --verify > SHA512SUMS.sign SHA512SUMS.txt > gpg: Signing done 03/15/25 21:33:08 Western European Standard Time > gpg: using RSA key DF9B9C49EAA9298432589D76DA87E80D6294BE9B > gpg: Valid signature from "Debian CD signing key > <debian...@lists.debian.org>" [unknown] > gpg: WARNING: this key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the owner. > Primary key fingerprint: DF9B 9C49 EAA9 2984 3258 9D76 DA87 E80D 6294 BE9B > > with the primary key fingerprint at the link: https://www.debian.org/CD/verify > > Fingerprint comparison: > > DF9B 9C49 EAA9 2984 3258 9D76 DA87 E80D 6294 BE9B > DF9B 9C49 EAA9 2984 3258 9D76 DA87 E80D 6294 BE9B > > So now the authenticity check is complete and the authenticity is completely > sure?
<https://www.debian.org/CD/verify> and <https://keyring.debian.org/>. Jeff
