-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 I hear about GPG more and more, especially in regards to verifying Linux ISOs. While I've read a lot about it I'm not a user, but I decided to bite the bullet, do some experimenting with GPG. I've made a key pair for myself, even signed the Linux Mint key :P. You can download a copy of my personal notes on using GPG from here ( https://mega.nz/#!9opQSbSQ!dhh7sTh7HaGvUv_PbBd8ymuJ8S4hC_wvFTOdAqMPy9k ) if you're interested; I cannot promise they're perfect. Alternatively check out the official documentation here ( https://www.gnupg.org/gph/en/manual/c14.html ) and here ( https://www.gnupg.org/documentation/manuals/gnupg/ ) to learn more about GPG/OpenPGP. Or, just google around. One thing I notice a lot is a Linux distro will provide a detached signatured and then doesn't actually provide you with their public key, tell you which keyserver they've submitted it to (if any), or even give you the key ID so you can search for it. To be clear, you can use the verify option to determine which key is needed but this is only helpful if you can trust the the file you've downloaded hasn't been tampered with (which is why you wanted the key in the first place!). Some distros do provide all the information you need, but not all of them make it easy to find. Personally I verify my ISOs with a checksum, but for those who are using OpenPGP signatures this has to be annoying? I was thinking this thread could serve as a place to post this kind of information, so it's easy to find (eg: this is the key you need for this distro release, and this is where you can get it). Since this posting is about OpenPGP keys, it seemed fitting to sign this post. If you want to verify this post is from me (and hasn't been altered since I posted it) you can get my public key from here ( https://mega.nz/#!Q9BRlLJY!SZdrNsR4Vr0NnH5HFNLCFGQ1ki_Bh7ITTtRh-Kd8EoY ). Happy verifying. :) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCgAGBQJXXfv5AAoJEA8RseiN1bnCungQAKg9PxDqMGoG22nDRUszscbF PnUXXnyqxrfk/vFOPn5pFFs5ydtRS6Cq+29leGZu3XQcB03zZMDPfbOs1XHv9PlP uZ75cnZvYoiMQ/Ab4qHpPBS004EZbXWH2/oYvAAKrttUNPVBs+nqLX2XscaDzemd kdVC5eMk7WlIPybd3mnr7T0hzPCR08yMELff0rzYvpL2kg9r2gTg8N4YP7+J8IAG zZKrHUdN4wOwy3tWjRwn3gmf5GdOKTzfX7QZUoT9fYaXWbvE/MwLpeV3f/UnTu2P Kp3boGRtk97nnT4K9IBcXtzgAmenmZgGd4GACCihuBbevTG5D+PamX/RyPyA+x1c xT2Qgp1TNk//1ukBvBof6ND9VTI4ybJQmuJXZ0QQ8/ht000ergCwI8OkyxBpcSOg 6DoG1k9dQj1IBnDjJOx3ZQy+xJOjvsFT9EaKTD+ktqV2/iqyLzGXGkSkKJJeTVzg WCN39Y592GufQDhqwna4lP7/wVig0GxGYGlASsoXCwS330i5IW7/Gn3sXqz6oG9s 4ODtUu2jQVHXTR6sRqJ3EyIU6WEUwXtv5l4SEEFxKHQiNIxaLpZV1H95kvgbKM0t zAsMTdyiXgwcmT1qfro9jni3bATIutbzvx416geJyjS7RYX86w13EcjrdUD1et/A zQ2DfqkAKA7zP3xOpwiv =cuJP -----END PGP SIGNATURE-----
Edited by hollowface, 12 June 2016 - 07:58 PM.