need to know kernel gpg (--keyserver) command addresses -- gpg command - linux

I am running Debian 5.10.0-kali7-amd64 and compiling kernel linux-5.12-6. When I run
gpg --keyserver subkeys.pgp.net --recv-keys xxxxxxxx....
command
it gives
gpg: keyserver receive failed: No route to host
and when I run
gpg --recv-keys xxxx
it gives following
gpg: key 38DBBDC86092693E: new key but contains no user ID - skipped
gpg: Total number processed: 1
gpg: w/o user IDs: 1
What is the above error? On this link it says
https://superuser.com/questions/1485213/gpg-cant-import-key-new-key-but-contains-no-user-id-skipped
You are probably using the xxxx.org keyserver, which has an owner approval system: it will strip all user IDs unless the owner of the corresponding email address has allowed them to be published.
Or how to verify the kernel?
For kernel compiling I am using this tutorial https://www.cyberciti.biz/tips/compiling-linux-kernel-26.html
It also talks about verifying the kernel signature with gpg --recv-keys xxxx.... Again, it also gives
gpg: key 38DBBDC86092693E: new key but contains no user ID - skipped
gpg: Total number processed: 1
gpg: w/o user IDs: 1
How to resolve the above so that I get output from gpg --recv-keys xxxxx... something like the following
gpg: key xxxx: 7 duplicate signatures removed
gpg: key xxxxx: 172 signatures not checked due to missing keys
gpg: /home/vivek/.gnupg/trustdb.gpg: trustdb created
gpg: key 79BE3E4300411886: public key "Linus Torvalds <torvalds@kernel.org>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1

The instructions for that particular key are given at:
https://www.kernel.org/signature.html
I cannot vouch for the security of following those instructions, other than to say that they are hosted on kernel.org and delivered via https.
In case the URL mentioned above breaks (gets moved or deleted), I have the broad strokes of the solution listed below. I've removed the parts that specifically refer to gregkh@kernel.org, who is associated with the key (RSA key ID 38DBBDC86092693E) you mentioned:
gpg2 --locate-keys torvalds@kernel.org gregkh@kernel.org
gpg2 --tofu-policy good <RSAKEY_IN_DOUBT>
gpg2 --trust-model tofu --verify linux-5.12-6.tar.sign

Related

gpg: no valid OpenPGP data found while adding ubuntu-toolchain package

I'm executing this command: sudo add-apt-repository ppa:ubuntu-toolchain-r/test
And I'm getting this output in terminal:
gpg: keybox '/tmp/tmphrotribt/pubring.gpg' created
gpg: /tmp/tmphrotribt/trustdb.gpg: trustdb created
gpg: key 1E9377A2BA9EF27F: public key "Launchpad Toolchain builds" imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: no valid OpenPGP data found.
Is the command executed well? Or the last line of output "gpg: no valid OpenPGP data found." is some error?

"certificate signed by unknown authority" after reinstalling LXD

I'm getting this error after purging lxd and reinstalling:
lxd_network.singlenode: Refreshing state... [id=singlenode]
Error: Unable to create client for remote [localhost]:
Get "https://127.0.0.1:5555/1.0":
x509: certificate signed by unknown authority (possibly because of
"x509: ECDSA verification failure" while trying to verify candidate
authority certificate "root@nimbus")
(Text wrapped for clarity)
This even happens after lxc remote add nimbus 127.0.0.1:5555 --accept-certificate --password=xxxxx.
The answer is: LXD caches the remote's cert in ~/.config/lxc/servercerts, so just remove the relevant file.

Unable to send/upload pgp keys to keyservers

C:\Users\shiny>gpg --send-keys 170AD0000539A3B
gpg: sending key 170AD0000539A3B to hkps://hkps.pool.sks-keyservers.net
gpg: keyserver send failed: Server indicated a failure
gpg: keyserver send failed: Server indicated a failure
gpg --send-keys --keyserver hkp://keyserver.ubuntu.com 170AD0000539A3B
also failed with same error

gpg: Key generation canceled

I am having a hard time generating a gpg keypair in linux. I am following the steps in this tutorial: https://www.gnupg.org/gph/en/manual/c14.html
However, after it asks me for a passphrase and I insert one, I get the following message:
gpg: can't connect to the agent: IPC connect call failed
gpg: problem with the agent: No agent running
gpg: can't connect to the agent: IPC connect call failed
gpg: problem with the agent: No agent running
gpg: Key generation canceled.
What could be the problem here?
In a shell, run the following commands:
pkill -9 gpg-agent
source <(gpg-agent --daemon)

How to verify the integrity of a linux tarball?

The tarballs of the Linux releases from https://www.kernel.org/ can be verified with .sign files. There's no information how to verify the tarball on the website or in the README in the tarball.
The following is derived from the instructions "Linux kernel releases PGP signatures" on the kernel.org site, which say (in part): first (and only one time) install the public key like
$ gpg --keyserver hkp://keys.gnupg.net --recv-keys 6092693E
Then you can verify signatures like
$ xz -cd linux-3.1.5.tar.xz | gpg --verify linux-3.1.5.tar.sign -
with an expected output something like
gpg: Signature made Fri 09 Dec 2011 12:16:46 PM EST using RSA key ID 6092693E
gpg: Good signature from "Greg Kroah-Hartman
(Linux kernel stable release signing key) <greg@kroah.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 647F 2865 4894 E3BD 4571 99BE 38DB BDC8 6092 693E
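
Added example, not part of the original answers: both the TOFU steps in the first answer and the gpg --verify pipeline here end with a person reading gpg's output, where "Good signature" appears next to the untrusted-key warning. The sketch below instead checks gpg's machine-readable status output against the full fingerprint printed in that output; the function names check_status and verify_tarball are made up for this example.

```shell
#!/bin/sh
# Added example: accept a kernel tarball only when gpg reports a valid
# signature from a pinned full fingerprint, not just "Good signature".

# Full primary-key fingerprint as printed in the gpg output quoted above.
PINNED_FPR="647F28654894E3BD457199BE38DBBDC86092693E"

# check_status FPR: read `gpg --status-fd` lines on stdin. Succeed only if a
# VALIDSIG line ends with FPR (its last field is the primary-key fingerprint)
# and no bad, unverifiable, expired or revoked signature status was reported.
check_status() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        # ($NF "") forces a string comparison of the hex fingerprint.
        $2 == "VALIDSIG" && ($NF "") == want { ok = 1 }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        END { exit ((ok && !bad) ? 0 : 1) }
    '
}

# verify_tarball TARBALL.xz SIGFILE: kernel.org signs the uncompressed .tar,
# so decompress to a pipe and let gpg read the data from stdin ("-").
verify_tarball() {
    xz -cd "$1" |
        gpg --batch --status-fd 1 --verify "$2" - 2>/dev/null |
        check_status "$PINNED_FPR"
}

# Usage (file names from the answer above):
#   verify_tarball linux-3.1.5.tar.xz linux-3.1.5.tar.sign && echo verified
```

A key fetched by short ID (6092693E) is only a lookup hint; the comparison against the 40-character fingerprint is what ties the signature to the expected key.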
