I have then ran
gpg --verify SHA256SUMS.asc SHA256SUMSand when I do this, gpg is reporting multiple keys arenot certified with a trusted signature - there is no indication that the signature belongs to the owner- providing an exit status code of 2.
This error is a result of how GPG determines whether it trusts keys. When a key is signed by another key, the signer indicates that they have verified that the key belongs to the person it claims is its owner. This property is transitive, to a degree (that is configured by you, locally). So if GPG sees a key signed by a key that you trust, then it will also indicate that you trust that key, even if you yourself have not signed it. You can also indicate (locally) to GPG that you trust a key, and with what level you trust it.
This particular error message means that the GPG does not see anything that indicates that it trusts those keys. It may mean that you have not signed someone's key who has signed those keys. It may be that your GPG simply does not have anything in its trust database and so it defaults to not trusting any key (this is the likely scenario for most users).
This security.SE question goes into further detail.
You can get bonuses upto $100 FREE BONUS when you:
π° Install these recommended apps:
π² SocialGood - 100% Crypto Back on Everyday Shopping
π² xPortal - The DeFi For The Next Billion
π² CryptoTab Browser - Lightweight, fast, and ready to mine!
π° Register on these recommended exchanges:
π‘ Binanceπ‘ Bitfinexπ‘ Bitmartπ‘ Bittrexπ‘ Bitget
π‘ CoinExπ‘ Crypto.comπ‘ Gate.ioπ‘ Huobiπ‘ Kucoin.
Comments