I Am going thought guide from start, I certified QSMK using my private key in Kleopatra on Windows 11. But at step verifying release signing key, using command:
Usually there is public key for this no, but in this case QSMK was supposed to verify that. How come it does not work? There is nothing in between in this guide. Note: i tried put signing key name into quotes also…
This probably means it can’t find that keyfile in the same directory in which you’re running the command. If you’ve imported the release signing key, then you should be able to reference it by its ID instead of the filename.
You mean release signing key? It is in the same directory!
Also can’t fetch it with gpg
gpg: requesting key from 'https://keys.qubes-os.org/keys/qubes-release-X-signing-key.asc'
gpg: WARNING: unable to fetch URI https://keys.qubes-os.org/keys/qubes-release-X-signing-key.asc: No data
gpg: key fetch failed: No data
Also can’t import it from file, when run in folder where RSK lies, command:
After you have completed these two prerequisite steps, the next step is to obtain the correct RSK. The filename of the RSK for your Qubes OS release is usually qubes-release-X-signing-key.asc , where X is the major version number of your Qubes release. For example, if you were installing release 1.2.3 , you would replace X with 1 , resulting in qubes-release-1-signing-key.asc . There are several ways to get the RSK for your Qubes release.
gpg --check-signatures qubes-release-4-signing-key.asc
gpg: error reading key: No public key
I tried like 10 ways and nothing works, i also tried import key and reference to it by id… Or like click very & decrypt but nothing happens, normally Kleopatra offers to search for public key!
gpg2 --check-signatures "Qubes OS Release X Signing Key"
same issue…
NOTE: i am using gpg, not gpg2!!!
Even changing QSMK to trust level didn’t help!!!
Do you really want to set this key to ultimate trust? (y/N) y
pub rsa4096/DDFA1A3E36879494
created: 2010-04-01 expires: never usage: SC
trust: ultimate validity: ultimate
[ultimate] (1). Qubes Master Signing Key
gpg>
But in Kleopatra there is still trust level unknown
You’re trying to reference a key file, but you you need to reference the imported key in your keyring instead.
Because you didn’t replace the “X” with an actual release number. There is no key named “Qubes OS Release X Signing Key” (with a literal “X”) in your keyring. Try “Qubes OS Release 4 Signing Key” instead (assuming you’ve actually imported that key).
EDIT: I thought it could be 4.1.2 first, but it downloads with 4 only for 4.1.2 version
I don’t remember how i solved it unfortunately and i thought i could figure it out next time, or from this post I have severe chronic pain don’t even 1 word…
Doesn’t matter. That command doesn’t take files, AFAIK.
Yes. Please show the exact command and output of that not working.
No, that’s trying to reference a file again. The key is not named qubes-release-4-signing-key.asc. That’s the name of a file that contains the data for the key.
It works fine if you reference the key by its actual name or its fingerprint: