Usually there is public key for this no, but in this case QSMK was supposed to verify that. How come it does not work? There is nothing in between in this guide. Note: i tried put signing key name into quotes also…
This probably means it can’t find that keyfile in the same directory in which you’re running the command. If you’ve imported the release signing key, then you should be able to reference it by its ID instead of the filename.
You mean release signing key? It is in the same directory!
Also can’t fetch it with gpg
gpg: requesting key from 'https://keys.qubes-os.org/keys/qubes-release-X-signing-key.asc'
gpg: WARNING: unable to fetch URI https://keys.qubes-os.org/keys/qubes-release-X-signing-key.asc: No data
gpg: key fetch failed: No data
Also can’t import it from file, when run in folder where RSK lies, command:
After you have completed these two prerequisite steps, the next step is to obtain the correct RSK. The filename of the RSK for your Qubes OS release is usually qubes-release-X-signing-key.asc , where X is the major version number of your Qubes release. For example, if you were installing release 1.2.3 , you would replace X with 1 , resulting in qubes-release-1-signing-key.asc . There are several ways to get the RSK for your Qubes release.
gpg2 --check-signatures "Qubes OS Release X Signing Key"
NOTE: i am using gpg, not gpg2!!!
Even changing QSMK to trust level didn’t help!!!
Do you really want to set this key to ultimate trust? (y/N) y
created: 2010-04-01 expires: never usage: SC
trust: ultimate validity: ultimate
[ultimate] (1). Qubes Master Signing Key
But in Kleopatra there is still trust level unknown
You’re trying to reference a key file, but you you need to reference the imported key in your keyring instead.
Because you didn’t replace the “X” with an actual release number. There is no key named “Qubes OS Release X Signing Key” (with a literal “X”) in your keyring. Try “Qubes OS Release 4 Signing Key” instead (assuming you’ve actually imported that key).