Verify Download Problem

[nokiwilliam]

trafficstars

Hi, i use Linux Mint 18.1

I downloaded ISO, sha256 and signature. I used the next command. gpg --recv-key B55E70A95AC79474504C30D0DA11364B4760E444 Answer: gpg: requesting key 4760E444 from hkp server keys.gnupg.net gpg: key 4760E444: "Subgraph Release Signing Key <[email protected]>" not changed gpg: Total number processed: 1 gpg: unchanged: 1

so once received the key, i verify: gpg --verify subgraph-os-alpha_2017-09-22_1.iso.sha256.sig subgraph-os-alpha_2017-09-22_1.iso.sha256

And the received answer: gpg: Signature made Fri 22 Sep 2017 21:26:32 CEST using RSA key ID F999D968 gpg: Good signature from "Subgraph Release Signing Key <[email protected]>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: B55E 70A9 5AC7 9474 504C 30D0 DA11 364B 4760 E444 Subkey fingerprint: AB6C 7E34 4F63 3E10 4377 D595 E1AE 39C4 F999 D968

Obviously, SHA256SUM fail when i run this.

How can i solved that? I try to receive the key using --keyserver keys.gnupg.net and it didn't work.

Thanks for your help.

[dma]

That's expected output, the signature verified successfully. I'm confused when you say that sha256sum fails..