R4.0.4 Torrent download hash and detached sig verification fails

I downloaded the torrent using this link on the Downloads page, which contained 3 files:

  Qubes-R4.0.4-x86_64.iso
  Qubes-R4.0.4-x86_64.iso.asc
  Qubes-R4.0.4-x86_64.iso.DIGESTS

I then proceeded to verify the download following the Verifying Signatures guide; the following are the steps taken and the output:

❯ gpg --fetch-keys https://keys.qubes-os.org/keys/qubes-master-signing-key.asc
gpg: requesting key from 'https://keys.qubes-os.org/keys/qubes-master-signing-key.asc'
gpg: key DDFA1A3E36879494: "Qubes Master Signing Key" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
❯ gpg --keyserver-options no-self-sigs-only,no-import-clean --keyserver hkp://keyserver.ubuntu.com --recv-keys 0x427F11FD0FAA4B080123F01CDDFA1A3E36879494
gpg: key DDFA1A3E36879494: 73 signatures not checked due to missing keys
gpg: key DDFA1A3E36879494: "Qubes Master Signing Key" 73 new signatures
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: Total number processed: 1
gpg:         new signatures: 73
❯ gpg --edit-key 427F11FD0FAA4B080123F01CDDFA1A3E36879494
gpg (GnuPG) 2.2.12; Copyright (C) 2018 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

pub  rsa4096/DDFA1A3E36879494
     created: 2010-04-01  expires: never       usage: SC  
     trust: unknown       validity: unknown
[ unknown] (1). Qubes Master Signing Key

gpg> fpr
pub   rsa4096/DDFA1A3E36879494 2010-04-01 Qubes Master Signing Key
 Primary key fingerprint: 427F 11FD 0FAA 4B08 0123  F01C DDFA 1A3E 3687 9494

gpg> trust
pub  rsa4096/DDFA1A3E36879494
     created: 2010-04-01  expires: never       usage: SC  
     trust: unknown       validity: unknown
[ unknown] (1). Qubes Master Signing Key

Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu

Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y

pub  rsa4096/DDFA1A3E36879494
     created: 2010-04-01  expires: never       usage: SC  
     trust: ultimate      validity: unknown
[ unknown] (1). Qubes Master Signing Key
Please note that the shown key validity is not necessarily correct
unless you restart the program.

gpg> q
❯ gpg -k "Qubes Master Signing Key"
pub   rsa4096 2010-04-01 [SC]
      427F11FD0FAA4B080123F01CDDFA1A3E36879494
uid           [ultimate] Qubes Master Signing Key

❯ gpg --keyserver-options no-self-sigs-only,no-import-clean --fetch-keys https://keys.qubes-os.org/keys/qubes-release-4-signing-key.asc
gpg: requesting key from 'https://keys.qubes-os.org/keys/qubes-release-4-signing-key.asc'
gpg: key 1848792F9E2795E9: public key "Qubes OS Release 4 Signing Key" imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   2  signed:   1  trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: depth: 1  valid:   1  signed:   0  trust: 1-, 0q, 0n, 0m, 0f, 0u
❯ gpg --check-signatures "Qubes OS Release 4 Signing Key"
pub   rsa4096 2017-03-06 [SC]
      5817A43B283DE5A9181A522E1848792F9E2795E9
uid           [  full  ] Qubes OS Release 4 Signing Key
sig!3        1848792F9E2795E9 2017-03-06  Qubes OS Release 4 Signing Key
sig!         DDFA1A3E36879494 2017-03-08  Qubes Master Signing Key

gpg: 2 good signatures
❯ gpg -k "Qubes OS Release"
pub   rsa4096 2017-03-06 [SC]
      5817A43B283DE5A9181A522E1848792F9E2795E9
uid           [  full  ] Qubes OS Release 4 Signing Key

❯ ls
 Qubes-R4.0.4-x86_64.iso   Qubes-R4.0.4-x86_64.iso.asc   Qubes-R4.0.4-x86_64.iso.DIGESTS
❯ gpg -v --verify Qubes-R4.0.4-x86_64.iso.DIGESTS
gpg: armor header: Hash: SHA256
gpg: original file name=''
gpg: Signature made Thu 04 Mar 2021 07:41:18 PM IST
gpg:                using RSA key 5817A43B283DE5A9181A522E1848792F9E2795E9
gpg: using pgp trust model
gpg: Good signature from "Qubes OS Release 4 Signing Key" [full]
gpg: textmode signature, digest algorithm SHA256, key algorithm rsa4096
❯ gpg -v --verify Qubes-R4.0.4-x86_64.iso.asc Qubes-R4.0.4-x86_64.iso

gpg: Signature made Thu 04 Mar 2021 07:39:55 PM IST
gpg:                using RSA key 5817A43B283DE5A9181A522E1848792F9E2795E9
gpg: using pgp trust model
gpg: BAD signature from "Qubes OS Release 4 Signing Key" [full]
gpg: binary signature, digest algorithm SHA256, key algorithm rsa4096
❯ 
❯ sha256sum -c Qubes-R4.0.4-x86_64.iso.DIGESTS
Qubes-R4.0.4-x86_64.iso: FAILED
sha256sum: WARNING: 23 lines are improperly formatted
sha256sum: WARNING: 1 computed checksum did NOT match
❯ openssl dgst -sha256 Qubes-R4.0.4-x86_64.iso
SHA256(Qubes-R4.0.4-x86_64.iso)= 494670d745c57dc27ab836c9ac64f5f2f8d07db14c2c475132ec6f0406b3aabb
❯ head Qubes-R4.0.4-x86_64.iso.DIGESTS
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


5e37ed0f81e4babc0df322ec19f9d5b4 *Qubes-R4.0.4-x86_64.iso
d6ebe7f8f70d0714a1d36207a6363339abbd3bc0 *Qubes-R4.0.4-x86_64.iso
1d05dbd247d6ea5588879570b74cfb1f8df97e135dbec8714924cc03e8d137b9 *Qubes-R4.0.4-x86_64.iso
6cf020c15636805f63b6c33565bbe155be1b1ad85d67759d674540d07328efa339ff0c35cb3d549d09468f280fe42a160f2c03820212571d02f47b34eb0791f5 *Qubes-R4.0.4-x86_64.iso
-----BEGIN PGP SIGNATURE-----

The DIGESTS signature is valid, but the hashes in it do not match the ISO hashes. This is concerning.

I don’t think I did anything wrong, but happy to be corrected.

Thank you for reading

EDIT: Normal download hash matches and DIGESTS verifies correctly.
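One detail in the output above is worth spelling out: `sha256sum -c` reports "23 lines are improperly formatted" because the DIGESTS file is a PGP clearsigned message carrying MD5, SHA-1, SHA-256 and SHA-512 lines plus the armor and signature block; `sha256sum` only understands 64-hex-character lines, checks the one it finds and warns about the rest. The single line it did parse is the real result: the listed SHA-256 (`1d05...`) does not match the computed one (`4946...`). The script below is an added example, not code from the post or from the Qubes project; it parses the signed body of such a DIGESTS file, checks every listed algorithm in one pass over the file, and reports which ones agree. It assumes the signature on the DIGESTS file has already been verified with `gpg --verify`; the sample ISO, its DIGESTS body and the corrupted copy used in `demo()` are constructed inline.

```python
"""Check an ISO against a clearsigned DIGESTS file listing several algorithms,
as the Qubes DIGESTS file in the thread does (added example, not project code).
The PGP signature on the DIGESTS file is assumed to have been verified with
`gpg --verify` already; this script covers only the hash comparison."""
import hashlib
import hmac
import os
import re
import tempfile

# "<hex> *<name>" or "<hex>  <name>"; '*' marks binary mode (sha*sum convention).
DIGEST_LINE = re.compile(r"^([0-9a-fA-F]+)\s+\*?(\S.*)$")
# Hex length -> hashlib algorithm name.
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}

# Signed body of the DIGESTS file as shown in the post (signature block omitted).
THREAD_DIGESTS = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

5e37ed0f81e4babc0df322ec19f9d5b4 *Qubes-R4.0.4-x86_64.iso
d6ebe7f8f70d0714a1d36207a6363339abbd3bc0 *Qubes-R4.0.4-x86_64.iso
1d05dbd247d6ea5588879570b74cfb1f8df97e135dbec8714924cc03e8d137b9 *Qubes-R4.0.4-x86_64.iso
6cf020c15636805f63b6c33565bbe155be1b1ad85d67759d674540d07328efa339ff0c35cb3d549d09468f280fe42a160f2c03820212571d02f47b34eb0791f5 *Qubes-R4.0.4-x86_64.iso
-----BEGIN PGP SIGNATURE-----
"""


def parse_digests(text):
    """Return {filename: {algo: hexdigest}} from a clearsigned DIGESTS file.
    Armor headers and the signature block are skipped: gpg has already checked
    them, and they are exactly what sha256sum -c trips over."""
    entries = {}
    in_body = False
    for line in text.splitlines():
        if line.startswith("-----BEGIN PGP SIGNED MESSAGE-----"):
            in_body = True
            continue
        if line.startswith("-----BEGIN PGP SIGNATURE-----"):
            break
        if not in_body or line.startswith("Hash:") or not line.strip():
            continue
        m = DIGEST_LINE.match(line)
        if not m:
            continue
        hexdigest, name = m.group(1).lower(), m.group(2)
        algo = ALGO_BY_HEX_LEN.get(len(hexdigest))
        if algo is None:
            continue  # unknown digest length: skip rather than guess
        entries.setdefault(name, {})[algo] = hexdigest
    return entries


def hash_file(path, algos):
    """Compute all requested digests in a single pass over the file."""
    hashers = {a: hashlib.new(a) for a in algos}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}


def check_file(path, digests_text):
    """Return {algo: matched?} for the file, or None if it is not listed.
    hmac.compare_digest keeps the comparison constant-time; not critical for a
    local ISO, but the right default whenever digests are compared."""
    expected = parse_digests(digests_text).get(os.path.basename(path))
    if not expected:
        return None
    actual = hash_file(path, expected.keys())
    return {a: hmac.compare_digest(actual[a], expected[a]) for a in expected}


def demo():
    """Constructed sample: a 16 KiB 'ISO', a DIGESTS body built for it, and a
    copy with one flipped byte. Returns (result for good copy, result for bad)."""
    good = bytes(range(256)) * 64
    bad = bytearray(good)
    bad[5000] ^= 0x01  # simulate a corrupted download
    with tempfile.TemporaryDirectory() as d:
        good_path = os.path.join(d, "good", "sample.iso")
        bad_path = os.path.join(d, "bad", "sample.iso")
        for p, data in ((good_path, good), (bad_path, bytes(bad))):
            os.makedirs(os.path.dirname(p))
            with open(p, "wb") as f:
                f.write(data)
        digests = hash_file(good_path, ALGO_BY_HEX_LEN.values())
        body = "\n".join(f"{digests[a]} *sample.iso"
                         for a in ("md5", "sha1", "sha256", "sha512"))
        digests_text = ("-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n"
                        + body + "\n-----BEGIN PGP SIGNATURE-----\n")
        return check_file(good_path, digests_text), check_file(bad_path, digests_text)


if __name__ == "__main__":
    import sys
    # Usage: python check_digests.py <iso> <DIGESTS>   (after gpg --verify DIGESTS)
    with open(sys.argv[2]) as f:
        print(check_file(sys.argv[1], f.read()))
```

Run it against the real files only after `gpg --verify` on the DIGESTS file has reported a good signature from a key you have checked; a hash match against an unverified DIGESTS file proves nothing, because whoever altered the ISO could have altered the unsigned list too. In the thread's situation the script would return `False` for all four algorithms, which is the same verdict the detached `.asc` gave with "BAD signature".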

❯ gpg --fetch-keys https://keys.qubes-os.org/keys/qubes-master-signing-key.asc
gpg: requesting key from 'https://keys.qubes-os.org/keys/qubes-master-signing-key.asc'
gpg: key DDFA1A3E36879494: "Qubes Master Signing Key" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
❯ gpg --keyserver-options no-self-sigs-only,no-import-clean --keyserver hkp://keyserver.ubuntu.com --recv-keys 0x427F11FD0FAA4B080123F01CDDFA1A3E36879494
gpg: key DDFA1A3E36879494: 73 signatures not checked due to missing keys
gpg: key DDFA1A3E36879494: "Qubes Master Signing Key" 73 new signatures
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: Total number processed: 1
gpg:         new signatures: 73
❯ gpg --edit-key 427F11FD0FAA4B080123F01CDDFA1A3E36879494
gpg (GnuPG) 2.2.12; Copyright (C) 2018 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

pub  rsa4096/DDFA1A3E36879494
     created: 2010-04-01  expires: never       usage: SC  
     trust: unknown       validity: unknown
[ unknown] (1). Qubes Master Signing Key

gpg> fpr
pub   rsa4096/DDFA1A3E36879494 2010-04-01 Qubes Master Signing Key
 Primary key fingerprint: 427F 11FD 0FAA 4B08 0123  F01C DDFA 1A3E 3687 9494

gpg> trust
pub  rsa4096/DDFA1A3E36879494
     created: 2010-04-01  expires: never       usage: SC  
     trust: unknown       validity: unknown
[ unknown] (1). Qubes Master Signing Key

Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu

Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y

pub  rsa4096/DDFA1A3E36879494
     created: 2010-04-01  expires: never       usage: SC  
     trust: ultimate      validity: unknown
[ unknown] (1). Qubes Master Signing Key
Please note that the shown key validity is not necessarily correct
unless you restart the program.

gpg> q
❯ gpg -k "Qubes Master Signing Key"
pub   rsa4096 2010-04-01 [SC]
      427F11FD0FAA4B080123F01CDDFA1A3E36879494
uid           [ultimate] Qubes Master Signing Key

❯ gpg --keyserver-options no-self-sigs-only,no-import-clean --fetch-keys https://keys.qubes-os.org/keys/qubes-release-4-signing-key.asc
gpg: requesting key from 'https://keys.qubes-os.org/keys/qubes-release-4-signing-key.asc'
gpg: key 1848792F9E2795E9: public key "Qubes OS Release 4 Signing Key" imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   2  signed:   1  trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: depth: 1  valid:   1  signed:   0  trust: 1-, 0q, 0n, 0m, 0f, 0u
❯ gpg --check-signatures "Qubes OS Release 4 Signing Key"
pub   rsa4096 2017-03-06 [SC]
      5817A43B283DE5A9181A522E1848792F9E2795E9
uid           [  full  ] Qubes OS Release 4 Signing Key
sig!3        1848792F9E2795E9 2017-03-06  Qubes OS Release 4 Signing Key
sig!         DDFA1A3E36879494 2017-03-08  Qubes Master Signing Key

gpg: 2 good signatures
❯ gpg -k "Qubes OS Release"
pub   rsa4096 2017-03-06 [SC]
      5817A43B283DE5A9181A522E1848792F9E2795E9
uid           [  full  ] Qubes OS Release 4 Signing Key

❯ ls
 Qubes-R4.0.4-x86_64.iso   Qubes-R4.0.4-x86_64.iso.asc   Qubes-R4.0.4-x86_64.iso.DIGESTS
❯ gpg -v --verify Qubes-R4.0.4-x86_64.iso.DIGESTS
gpg: armor header: Hash: SHA256
gpg: original file name=''
gpg: Signature made Thu 04 Mar 2021 07:41:18 PM IST
gpg:                using RSA key 5817A43B283DE5A9181A522E1848792F9E2795E9
gpg: using pgp trust model
gpg: Good signature from "Qubes OS Release 4 Signing Key" [full]
gpg: textmode signature, digest algorithm SHA256, key algorithm rsa4096

Everything up to this point looks good.

❯ gpg -v --verify Qubes-R4.0.4-x86_64.iso.asc Qubes-R4.0.4-x86_64.iso

gpg: Signature made Thu 04 Mar 2021 07:39:55 PM IST
gpg:                using RSA key 5817A43B283DE5A9181A522E1848792F9E2795E9
gpg: using pgp trust model
gpg: BAD signature from "Qubes OS Release 4 Signing Key" [full]
gpg: binary signature, digest algorithm SHA256, key algorithm rsa4096
❯ 
❯ sha256sum -c Qubes-R4.0.4-x86_64.iso.DIGESTS
Qubes-R4.0.4-x86_64.iso: FAILED
sha256sum: WARNING: 23 lines are improperly formatted
sha256sum: WARNING: 1 computed checksum did NOT match
❯ openssl dgst -sha256 Qubes-R4.0.4-x86_64.iso
SHA256(Qubes-R4.0.4-x86_64.iso)= 494670d745c57dc27ab836c9ac64f5f2f8d07db14c2c475132ec6f0406b3aabb
❯ head Qubes-R4.0.4-x86_64.iso.DIGESTS
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


5e37ed0f81e4babc0df322ec19f9d5b4 *Qubes-R4.0.4-x86_64.iso
d6ebe7f8f70d0714a1d36207a6363339abbd3bc0 *Qubes-R4.0.4-x86_64.iso
1d05dbd247d6ea5588879570b74cfb1f8df97e135dbec8714924cc03e8d137b9 *Qubes-R4.0.4-x86_64.iso
6cf020c15636805f63b6c33565bbe155be1b1ad85d67759d674540d07328efa339ff0c35cb3d549d09468f280fe42a160f2c03820212571d02f47b34eb0791f5 *Qubes-R4.0.4-x86_64.iso
-----BEGIN PGP SIGNATURE-----

Looks like the ISO is bad (e.g., incomplete/corrupted download or malicious file). Verification is doing its job! I suggest re-downloading the ISO and re-attempting verification. If it happens again, try re-downloading the ISO from a different connection (e.g., Tor, VPN, library, internet cafe) and/or device.

Ah, something specific to the torrent, then. If this is somehow a problem with our torrent file, let us know. Otherwise, probably one of the aforementioned cases (e.g., incomplete/corrupted download or malicious file). Either way, verification is doing its job!


Yes, the post is intended to be a “positive bug report”, since it’s specific to the torrent file and highlights the importance of the verification process.

The torrent was downloaded 100%, so it can’t be incomplete. But I cannot verify whether the torrent is malicious or whether it was a corrupted download, since I am limited by bandwidth and cannot download the torrent again.

You can start downloading the torrent to the same folder where the files already are. It should verify instead of downloading.

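The suggestion above works because a BitTorrent client does not trust data it finds on disk: a .torrent carries one SHA-1 per fixed-size piece, and on restart the client hashes the existing file piece by piece, keeps the pieces that match and re-fetches only the rest. The following is an added example, not code from the thread or from any torrent client, showing that piece-level check and how it localises corruption to a byte range. Parsing a real .torrent is out of scope; the piece-hash list, the piece length and the "downloaded" data are constructed inline.

```python
"""Piece-level verification as a BitTorrent client does it on restart
(added example; the .torrent piece list and the data are constructed here).
Each piece is identified by its SHA-1; a mismatch marks only that piece
for re-download, so a single flipped byte costs one piece, not the whole ISO."""
import hashlib

PIECE_LENGTH = 4096  # constructed; real torrents use 256 KiB and larger


def piece_hashes(data, piece_length=PIECE_LENGTH):
    """SHA-1 of each piece in order; the final piece may be shorter."""
    return [hashlib.sha1(data[i:i + piece_length]).digest()
            for i in range(0, len(data), piece_length)]


def check_pieces(data, expected, piece_length=PIECE_LENGTH):
    """Return indices of pieces whose SHA-1 differs from `expected`.
    A truncated file reports its missing pieces as bad; trailing data beyond
    the last expected piece is reported as bad as well."""
    actual = piece_hashes(data, piece_length)
    bad = [i for i, h in enumerate(expected) if i >= len(actual) or actual[i] != h]
    bad.extend(range(len(expected), len(actual)))
    return bad


def bad_byte_ranges(bad_pieces, piece_length=PIECE_LENGTH, total_length=None):
    """Translate bad piece indices into (start, end) byte ranges to re-fetch."""
    ranges = []
    for i in bad_pieces:
        start = i * piece_length
        end = start + piece_length
        if total_length is not None:
            end = min(end, total_length)
        ranges.append((start, end))
    return ranges


def demo():
    """Constructed sample: 18436 bytes -> 5 pieces (last one partial), with one
    byte flipped inside piece 2. Returns (piece count, bad pieces, byte ranges)."""
    original = bytes(range(256)) * 72 + b"tail"
    expected = piece_hashes(original)          # what the .torrent would carry
    downloaded = bytearray(original)
    downloaded[2 * PIECE_LENGTH + 100] ^= 0x80  # corruption during transfer
    bad = check_pieces(bytes(downloaded), expected)
    return len(expected), bad, bad_byte_ranges(bad, total_length=len(original))


if __name__ == "__main__":
    print(demo())
```

Two caveats a defender would add. First, the piece hashes come from the .torrent file itself, so this check is only as trustworthy as the place that file was fetched from; it catches transfer corruption, not a substituted torrent. Second, BitTorrent v1 pieces are protected by SHA-1, which is no longer collision-resistant, so the signed SHA-256 DIGESTS file and the detached `.asc` signature remain the authoritative check even after the client reports every piece as good.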

It verified the download, and apparently there was some corruption. Now the checksums are verifying OK.
