R4.0.4 Torrent download hash and detached sig verification fails

I downloaded the torrent using this link on the Downloads page, which contained 3 files:

  Qubes-R4.0.4-x86_64.iso
  Qubes-R4.0.4-x86_64.iso.asc
  Qubes-R4.0.4-x86_64.iso.DIGESTS

I then proceeded to verify the download following the Verifying Signatures guide; the following are the steps taken and the output:

❯ gpg --fetch-keys https://keys.qubes-os.org/keys/qubes-master-signing-key.asc
gpg: requesting key from 'https://keys.qubes-os.org/keys/qubes-master-signing-key.asc'
gpg: key DDFA1A3E36879494: "Qubes Master Signing Key" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
❯ gpg --keyserver-options no-self-sigs-only,no-import-clean --keyserver hkp://keyserver.ubuntu.com --recv-keys 0x427F11FD0FAA4B080123F01CDDFA1A3E36879494
gpg: key DDFA1A3E36879494: 73 signatures not checked due to missing keys
gpg: key DDFA1A3E36879494: "Qubes Master Signing Key" 73 new signatures
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: Total number processed: 1
gpg:         new signatures: 73
❯ gpg --edit-key 427F11FD0FAA4B080123F01CDDFA1A3E36879494
gpg (GnuPG) 2.2.12; Copyright (C) 2018 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

pub  rsa4096/DDFA1A3E36879494
     created: 2010-04-01  expires: never       usage: SC  
     trust: unknown       validity: unknown
[ unknown] (1). Qubes Master Signing Key

gpg> fpr
pub   rsa4096/DDFA1A3E36879494 2010-04-01 Qubes Master Signing Key
 Primary key fingerprint: 427F 11FD 0FAA 4B08 0123  F01C DDFA 1A3E 3687 9494

gpg> trust
pub  rsa4096/DDFA1A3E36879494
     created: 2010-04-01  expires: never       usage: SC  
     trust: unknown       validity: unknown
[ unknown] (1). Qubes Master Signing Key

Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu

Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y

pub  rsa4096/DDFA1A3E36879494
     created: 2010-04-01  expires: never       usage: SC  
     trust: ultimate      validity: unknown
[ unknown] (1). Qubes Master Signing Key
Please note that the shown key validity is not necessarily correct
unless you restart the program.

gpg> q
❯ gpg -k "Qubes Master Signing Key"
pub   rsa4096 2010-04-01 [SC]
      427F11FD0FAA4B080123F01CDDFA1A3E36879494
uid           [ultimate] Qubes Master Signing Key

❯ gpg --keyserver-options no-self-sigs-only,no-import-clean --fetch-keys https://keys.qubes-os.org/keys/qubes-release-4-signing-key.asc
gpg: requesting key from 'https://keys.qubes-os.org/keys/qubes-release-4-signing-key.asc'
gpg: key 1848792F9E2795E9: public key "Qubes OS Release 4 Signing Key" imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   2  signed:   1  trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: depth: 1  valid:   1  signed:   0  trust: 1-, 0q, 0n, 0m, 0f, 0u
❯ gpg --check-signatures "Qubes OS Release 4 Signing Key"
pub   rsa4096 2017-03-06 [SC]
      5817A43B283DE5A9181A522E1848792F9E2795E9
uid           [  full  ] Qubes OS Release 4 Signing Key
sig!3        1848792F9E2795E9 2017-03-06  Qubes OS Release 4 Signing Key
sig!         DDFA1A3E36879494 2017-03-08  Qubes Master Signing Key

gpg: 2 good signatures
❯ gpg -k "Qubes OS Release"
pub   rsa4096 2017-03-06 [SC]
      5817A43B283DE5A9181A522E1848792F9E2795E9
uid           [  full  ] Qubes OS Release 4 Signing Key

❯ ls
 Qubes-R4.0.4-x86_64.iso   Qubes-R4.0.4-x86_64.iso.asc   Qubes-R4.0.4-x86_64.iso.DIGESTS
❯ gpg -v --verify Qubes-R4.0.4-x86_64.iso.DIGESTS
gpg: armor header: Hash: SHA256
gpg: original file name=''
gpg: Signature made Thu 04 Mar 2021 07:41:18 PM IST
gpg:                using RSA key 5817A43B283DE5A9181A522E1848792F9E2795E9
gpg: using pgp trust model
gpg: Good signature from "Qubes OS Release 4 Signing Key" [full]
gpg: textmode signature, digest algorithm SHA256, key algorithm rsa4096
❯ gpg -v --verify Qubes-R4.0.4-x86_64.iso.asc Qubes-R4.0.4-x86_64.iso

gpg: Signature made Thu 04 Mar 2021 07:39:55 PM IST
gpg:                using RSA key 5817A43B283DE5A9181A522E1848792F9E2795E9
gpg: using pgp trust model
gpg: BAD signature from "Qubes OS Release 4 Signing Key" [full]
gpg: binary signature, digest algorithm SHA256, key algorithm rsa4096
❯ sha256sum -c Qubes-R4.0.4-x86_64.iso.DIGESTS
Qubes-R4.0.4-x86_64.iso: FAILED
sha256sum: WARNING: 23 lines are improperly formatted
sha256sum: WARNING: 1 computed checksum did NOT match
❯ openssl dgst -sha256 Qubes-R4.0.4-x86_64.iso
SHA256(Qubes-R4.0.4-x86_64.iso)= 494670d745c57dc27ab836c9ac64f5f2f8d07db14c2c475132ec6f0406b3aabb
❯ head Qubes-R4.0.4-x86_64.iso.DIGESTS
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


5e37ed0f81e4babc0df322ec19f9d5b4 *Qubes-R4.0.4-x86_64.iso
d6ebe7f8f70d0714a1d36207a6363339abbd3bc0 *Qubes-R4.0.4-x86_64.iso
1d05dbd247d6ea5588879570b74cfb1f8df97e135dbec8714924cc03e8d137b9 *Qubes-R4.0.4-x86_64.iso
6cf020c15636805f63b6c33565bbe155be1b1ad85d67759d674540d07328efa339ff0c35cb3d549d09468f280fe42a160f2c03820212571d02f47b34eb0791f5 *Qubes-R4.0.4-x86_64.iso
-----BEGIN PGP SIGNATURE-----

The DIGESTS signature is valid, but the hashes in it do not match the ISO hashes. This is concerning.

I don’t think I did anything wrong, but happy to be corrected.

Thank you for reading

EDIT: Normal download hash matches and DIGESTS verifies correctly.
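As an added example (not code from the Qubes project or from anyone in this thread), here is a small POSIX shell script that does what the session above does by hand and avoids the noise from `sha256sum -c`. The `.DIGESTS` file is a clearsigned block that lists an MD5, SHA-1, SHA-256 and SHA-512 line for the same ISO inside PGP armor, so `sha256sum -c` complains that every line except the 64-hex-digit one is "improperly formatted"; the script selects just the SHA-256 line for the file name, compares it with the computed digest, and only treats the hashes as meaningful once `gpg --verify` has accepted the signature on the DIGESTS file. The `sample.iso` fixture, the `check_sha256_digest`/`verify_iso` function names and the `--demo` flag are my own; `verify_iso` assumes `gpg` is installed with the release signing key imported and trusted, as set up in the session above.

```shell
#!/bin/sh
# Added example, not code from the Qubes project or from anyone in this thread.
# Verifies an ISO against a Qubes-style .DIGESTS file by selecting only the
# SHA-256 line for that file name, instead of feeding the whole file to
# `sha256sum -c`. A .DIGESTS file is a clearsigned text block with one line per
# algorithm (MD5, SHA-1, SHA-256, SHA-512) for the same ISO, wrapped in PGP
# armor; `sha256sum -c` only understands 64-hex-digit lines, so the armor and
# the other digests produce "improperly formatted" warnings. Those warnings are
# noise; a FAILED verdict for the ISO itself is the signal.

# SHA-256 of a file as lowercase hex, using whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Expected SHA-256 for file name $2 from DIGESTS file $1: the first line whose
# first field is exactly 64 hex digits and whose second field is "*NAME" or "NAME".
expected_sha256() {
    awk -v n="$2" '
        length($1) == 64 && $1 ~ /^[0-9a-fA-F]*$/ && ($2 == ("*" n) || $2 == n) {
            print tolower($1); exit
        }' "$1"
}

# Compare the computed hash of ISO $2 with the entry in DIGESTS $1.
# Returns 0 on match, 1 on mismatch, 2 if the DIGESTS file has no SHA-256 entry.
check_sha256_digest() {
    digests="$1"; iso="$2"
    name=$(basename "$iso")
    want=$(expected_sha256 "$digests" "$name")
    if [ -z "$want" ]; then
        echo "$name: no SHA-256 entry in $digests" >&2
        return 2
    fi
    have=$(sha256_of "$iso")
    if [ "$want" = "$have" ]; then
        echo "$name: OK"
        return 0
    fi
    echo "$name: FAILED (DIGESTS says $want, computed $have)" >&2
    return 1
}

# Full flow (hypothetical helper; assumes gpg is installed and the release
# signing key is imported and trusted): the clearsign signature on the DIGESTS
# file must be good before its hashes mean anything, and the detached .asc
# signature on the ISO, if given, is checked as an independent second opinion.
verify_iso() {
    digests="$1"; iso="$2"; asc="$3"
    gpg --verify "$digests" || return 1
    check_sha256_digest "$digests" "$iso" || return 1
    if [ -n "$asc" ]; then
        gpg --verify "$asc" "$iso" || return 1
    fi
}

# Constructed sample data for a dry run: a small fake "ISO" and a DIGESTS file
# in the same layout as Qubes', with a placeholder where the signature would be.
make_sample() {
    dir=$(mktemp -d)
    printf 'not really an iso\n' > "$dir/sample.iso"
    h=$(sha256_of "$dir/sample.iso")
    cat > "$dir/sample.iso.DIGESTS" <<EOF
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

00000000000000000000000000000000 *sample.iso
0000000000000000000000000000000000000000 *sample.iso
$h *sample.iso
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 *sample.iso
-----BEGIN PGP SIGNATURE-----
(signature placeholder: this constructed sample is not signed)
-----END PGP SIGNATURE-----
EOF
    echo "$dir"
}

# `sh verify_iso.sh --demo` exercises only the hash comparison on the sample;
# real use is: verify_iso ISO.DIGESTS ISO [ISO.asc]
if [ "${1-}" = "--demo" ]; then
    d=$(make_sample)
    check_sha256_digest "$d/sample.iso.DIGESTS" "$d/sample.iso"
fi
```

Order matters: a hash that matches a DIGESTS file whose signature was never checked proves nothing, since whoever could swap the ISO could swap the unsigned hash list too. In the situation from the thread, `check_sha256_digest` would report FAILED for the ISO (the computed `4946…aabb` against the signed `1d05…37b9`) without the 23 "improperly formatted" warnings, which is the same verdict `gpg --verify` gave on the detached `.asc`.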

[quoted from the post above: the key import, trust setting and the .DIGESTS signature check, through the "Good signature" line]

Everything up to this point looks good.

[quoted from the post above: the BAD detached signature, the failing sha256sum -c, the openssl digest and the head of the .DIGESTS file]

Looks like the ISO is bad (e.g., incomplete/corrupted download or malicious file). Verification is doing its job! I suggest re-downloading the ISO and re-attempting verification. If it happens again, try re-downloading the ISO from a different connection (e.g., Tor, VPN, library, internet cafe) and/or device.

Ah, something specific to the torrent, then. If this is somehow a problem with our torrent file, let us know. Otherwise, probably one of the aforementioned cases (e.g., incomplete/corrupted download or malicious file). Either way, verification is doing its job!

Yes, the post is intended to be a “positive bug report”, since it’s specific to the torrent file and highlights the importance of the verification process.

The torrent was downloaded 100%, so it can’t be incomplete. But I cannot verify whether the torrent is malicious or it was a corrupted download, since I am limited by bandwidth and cannot download the torrent again.

You can start downloading the torrent to the same folder where the files already are. It should verify instead of downloading.

It verified the download, and apparently there might have been some corruption. Now the checksums are verifying OK.

Exact same issue happened to me using the torrent.
Interestingly, the ISO file had the exact same size in bytes, so all looked fine, but the signature verification failed and the SHA256 hash was different.

After I clicked ‘verify local data’ in my torrent client, it took a while and completed the process, after which the SHA256 sum changed, matched, and the signature verification passed successfully as well.