GnuPG Error - "BAD signature from "Tails developers..."" #14

Open
cryptomule opened this issue Sep 5, 2013 · 4 comments

@cryptomule
Contributor

I am receiving an error when running your script. Installer won't complete because of gpg error.

The only idea I have is that I have to curl the iso in two or three stages first and then run the script due to my internet connection. I then copy it into the /data directory and rename it tails.iso.

Any ideas?

EDIT 1: Old Error > ~/.gnupg/gpg.conf:233: invalid auto-key-locate list

+ echo 'for example: disk2'
for example: disk2
+ read TARGET_DISK
disk4
+ echo 'Warning disk4 will be erased. Do you wish to continue [y|n]? '
Warning disk4 will be erased. Do you wish to continue [y|n]? 
+ read ans
y
+ '[' y = y -o y = Y -o y = yes -o y = Yes -o y = YES ']'
+ echo 'Ok, you wanted it!'
Ok, you wanted it!
+ '[' -f data/tails.iso ']'
+ echo '[+] Found tails image in data/tails.iso. Using it!'
[+] Found tails image in data/tails.iso. Using it!
+ verify_tails
+ curl -o data/tails-signing.key https://tails.boum.org/tails-signing.key
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 30819  100 30819    0     0  15249      0  0:00:02  0:00:02 --:--:-- 20382
+ curl -o data/tails.iso.sig https://tails.boum.org/torrents/files/tails-i386-0.20.iso.sig
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   836  100   836    0     0    950      0 --:--:-- --:--:-- --:--:--  1199
+ rm -f data/tmp_keyring.pgp
+ gpg --no-default-keyring --keyring data/tmp_keyring.pgp --import data/tails-signing.key
gpg: /Users/me/.gnupg/gpg.conf:233: invalid auto-key-locate list
+ gpg --no-default-keyring --keyring data/tmp_keyring.pgp --fingerprint BE2CD9C1
+ grep '0D24 B36A A9A2 A651 7878  7645 1202 821C BE2C D9C1'
gpg: /Users/me/.gnupg/gpg.conf:233: invalid auto-key-locate list
+ echo 'ERROR! The imported key does not seem to be right one. Something is fishy!'
ERROR! The imported key does not seem to be right one. Something is fishy!
+ exit 1

EDIT 2: New Error

+ echo 'The import TAILS developer key is ok.'
The import TAILS developer key is ok.
+ gpg --no-default-keyring --keyring data/tmp_keyring.pgp --verify data/tails.iso.sig
gpg: Signature made Wed 7 Aug 12:34:45 2013 PDT using RSA key ID BE2CD9C1
gpg: BAD signature from "Tails developers (signing key) [email protected]"
+ echo 'ERROR! The iso does not seem to be signed by the TAILS key. Something is fishy!'
ERROR! The iso does not seem to be signed by the TAILS key. Something is fishy!

Error with gpg using brew:

gpg --version
gpg (GnuPG) 1.4.14
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
+ echo 'for example: disk2'
for example: disk2
+ read TARGET_DISK
disk4
+ echo 'Warning disk4 will be erased. Do you wish to continue [y|n]? '
Warning disk4 will be erased. Do you wish to continue [y|n]? 
+ read ans
y
+ '[' y = y -o y = Y -o y = yes -o y = Yes -o y = YES ']'
+ echo 'Ok, you wanted it!'
Ok, you wanted it!
+ '[' -f data/tails.iso ']'
+ echo '[+] Found tails image in data/tails.iso. Using it!'
[+] Found tails image in data/tails.iso. Using it!
+ verify_tails
+ curl -o data/tails-signing.key https://tails.boum.org/tails-signing.key
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 30819  100 30819    0     0  21642      0  0:00:01  0:00:01 --:--:-- 25344
+ curl -o data/tails.iso.sig https://tails.boum.org/torrents/files/tails-i386-0.20.iso.sig
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   836  100   836    0     0    895      0 --:--:-- --:--:-- --:--:--  1125
+ rm -f data/tmp_keyring.pgp
+ gpg --no-default-keyring --keyring data/tmp_keyring.pgp --import data/tails-signing.key
gpg: keyring `data/tmp_keyring.pgp' created
gpg: key BE2CD9C1: public key "Tails developers (signing key) " imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
gpg: no ultimately trusted keys found
+ gpg --no-default-keyring --keyring data/tmp_keyring.pgp --fingerprint BE2CD9C1
+ grep '0D24 B36A A9A2 A651 7878  7645 1202 821C BE2C D9C1'
      Key fingerprint = 0D24 B36A A9A2 A651 7878  7645 1202 821C BE2C D9C1
+ echo 'The import TAILS developer key is ok.'
The import TAILS developer key is ok.
+ gpg --no-default-keyring --keyring data/tmp_keyring.pgp --verify data/tails.iso.sig
gpg: Signature made Wed  7 Aug 12:34:45 2013 PDT using RSA key ID BE2CD9C1
gpg: BAD signature from "Tails developers (signing key) "
+ echo 'ERROR! The iso does not seem to be signed by the TAILS key. Something is fishy!'
ERROR! The iso does not seem to be signed by the TAILS key. Something is fishy!
+ exit 1

(same error) With GPGtools.org installed:

gpg --version
gpg (GnuPG/MacGPG2) 2.0.20
libgcrypt 1.5.3
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
+ rm -f data/tmp_keyring.pgp
+ gpg --no-default-keyring --keyring data/tmp_keyring.pgp --import data/tails-signing.key
gpg: keyring `data/tmp_keyring.pgp' created
gpg: key BE2CD9C1: public key "Tails developers (signing key) " imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
gpg: public key of ultimately trusted key 00D026C4 not found
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
+ gpg --no-default-keyring --keyring data/tmp_keyring.pgp --fingerprint BE2CD9C1
+ grep '0D24 B36A A9A2 A651 7878  7645 1202 821C BE2C D9C1'
      Key fingerprint = 0D24 B36A A9A2 A651 7878  7645 1202 821C BE2C D9C1
+ echo 'The import TAILS developer key is ok.'
The import TAILS developer key is ok.
+ gpg --no-default-keyring --keyring data/tmp_keyring.pgp --verify data/tails.iso.sig
gpg: Signature made Wed  7 Aug 12:34:45 2013 PDT using RSA key ID BE2CD9C1
gpg: BAD signature from "Tails developers (signing key) "
+ echo 'ERROR! The iso does not seem to be signed by the TAILS key. Something is fishy!'
ERROR! The iso does not seem to be signed by the TAILS key. Something is fishy!
+ exit 1
gpg --no-default-keyring --keyring data/tmp_keyring.pgp --list-keys
data/tmp_keyring.pgp
--------------------
pub   4096R/BE2CD9C1 2010-10-07 [expires: 2015-02-05]
uid                  Tails developers (signing key) 
uid                  T(A)ILS developers (signing key) 

@xkanedax

No solution, but workaround...
Download the Tails ISO and signature file manually.
Start the cryptographic verification manually.
Open "create-image.sh" and comment out

verify_tails () {
  curl -o data/tails-signing.key $TAILS_KEY_URL
  curl -o data/tails.iso.sig $TAILS_SIG_URL

  rm -f data/tmp_keyring.pgp
  gpg --no-default-keyring --keyring data/tmp_keyring.pgp --import data/tails-signing.key
  if gpg --no-default-keyring --keyring data/tmp_keyring.pgp --fingerprint BE2CD9C1 | grep "0D24 B36A A9A2 A651 7878  7645 1202 821C BE2C D9C1";then
    echo "The import TAILS developer key is ok."
  else
    echo "ERROR! The imported key does not seem to be right one. Something is fishy!"
    exit 1
  fi

  if gpg --no-default-keyring --keyring data/tmp_keyring.pgp --verify data/tails.iso.sig; then
    echo "The .iso seems legit."
  else
    echo "ERROR! The iso does not seem to be signed by the TAILS key. Something is fishy!"
    exit 1
  fi
}

and


  verify_tails

Save "create-image.sh".

Rename "tails-i386-0.20.1.iso" to "tails.iso" and "tails-i386-0.20.1.iso.sig" to "tails.iso.sig".
and move both to /TAILS-OSX/data/

Run "create-image.sh"

Just for people searching a fast and dirty solution

@hellais
Owner

hellais commented Oct 30, 2013

can you try running:

./create-image clean

(this will delete the TAILS iso and the TAILS signature)

and then re-running the script.

@mynameisrienk

@xkanedax: just commenting out the call to verify_tails in the create_image function block will suffice.

@soyuka

soyuka commented Jul 19, 2014

@xkanedax thanks (:

What about adding an option to skip the check?
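
Added example, not part of this thread or of create-image.sh: instead of skipping the check, the verification step can read gpg's machine-readable `--status-fd` output, so a BAD signature (file bytes differ from what was signed) is told apart from a missing, wrong or expired key. The function names and verdict words are assumptions of this sketch; the fingerprint is the one the script greps for in the log above, and the sample status line is constructed.

```shell
#!/usr/bin/env bash
# Added example: not part of create-image.sh.
# Pinned fingerprint: the value the script greps for in the log, spaces removed.
TAILS_FPR="0D24B36AA9A2A651787876451202821CBE2CD9C1"

# classify_status PINNED_FPR  (reads `gpg --status-fd` lines on stdin)
# Prints one verdict word; the verdict names are this example's own.
classify_status() {
  local pinned="$1" prefix tag a rest
  local bad=0 nokey=0 weak=0 valid=0 wrongkey=0
  while read -r prefix tag a rest; do
    [ "$prefix" = "[GNUPG:]" ] || continue
    case "$tag" in
      BADSIG)                     bad=1 ;;    # bytes differ from what was signed
      ERRSIG|NO_PUBKEY)           nokey=1 ;;  # signature could not be checked
      EXPSIG|EXPKEYSIG|REVKEYSIG) weak=1 ;;   # math is fine, key or sig is not
      VALIDSIG)
        # Field 1 is the signing key, the last field the primary key.
        if [ "$a" = "$pinned" ] || [ "${rest##* }" = "$pinned" ]; then
          valid=1
        else
          wrongkey=1
        fi ;;
    esac
  done
  if   [ "$bad" = 1 ];      then echo bad-data
  elif [ "$nokey" = 1 ];    then echo cannot-check
  elif [ "$wrongkey" = 1 ]; then echo wrong-key
  elif [ "$weak" = 1 ];     then echo expired-or-revoked
  elif [ "$valid" = 1 ];    then echo good
  else                           echo no-signature
  fi
}

# verify_iso KEYRING SIG ISO: names the ISO explicitly instead of letting
# gpg derive it from the .sig file name, and ignores gpg's human output.
verify_iso() {
  gpg --no-default-keyring --keyring "$1" --status-fd 1 \
      --verify "$2" "$3" 2>/dev/null | classify_status "$TAILS_FPR"
}

# Constructed status line matching the BAD signature case in this thread.
SAMPLE_BAD='[GNUPG:] BADSIG 1202821CBE2CD9C1 Tails developers (signing key)'
printf '%s\n' "$SAMPLE_BAD" | classify_status "$TAILS_FPR"
```

A `bad-data` verdict means the ISO bytes are not the bytes that were signed, so the file should be re-downloaded or matched to the signature for its own release rather than used unverified.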
