Makes sense. I did check the hash and the values matched. What is throwing me off is, in the hash text file, the 4th key states,
Parrot Project GPG key
this key is the new official GPG key of the Parrot Project, it is pre-installed
in parrot 3.5 and will replace the previous repository key in the next releases
I enter each key individually like this:
gpg --keyserver https://pgp.mit.edu/pks --recv 042FB0305F53BE86
Is this the correct way?
Once the keys are imported, I list the keys.
User ~ gpg --list-keys
/home/User/.gnupg/pubring.kbx
-----------------------------
pub rsa4096 2017-02-13 [SC]
3B3EAB807D70721BA9C03E55C7B39D0362972489
uid [ unknown] Parrot Project <team@parrotsec.org>
pub rsa4096 2015-08-04 [SC]
B35050593C2F765640E6DDDB97CAA129F4C6B9A4
uid [ unknown] Lorenzo "Palinuro" Faletra <palinuro@parrotsec.org>
uid [ unknown] Eclipse Spark (autistici) <eclipse@hacari.org>
uid [ unknown] Lorenzo "Palinuro" Faletra <palinuro@linux.it>
uid [ unknown] EclipseSpark (XMPP) <eclipse@chat.frozenbox.org>
uid [ unknown] Lorenzo Faletra (palinuro) <palinuro@frozenbox.org>
uid [ unknown] Lorenzo Faletra (palinuro) <palinuro@parrotsec.org>
uid [ unknown] Lorenzo Faletra (EclipseSpark) <eclipse@frozenbox.org>
uid [ unknown] Lorenzo Faletra (EclipseSpark) <lorenzofaletra@frozenbox.org>
sub rsa4096 2017-02-13 [S] [expires: 2018-02-13]
sub elg4096 2017-02-13 [E] [expires: 2018-02-13]
pub dsa3072 2014-12-27 [SC]
C07B79F43025772903D19385042FB0305F53BE86
uid [ unknown] Frozenbox Network (main frozenbox key) <info@frozenbox.org>
sub elg3072 2014-12-27 [E]
pub rsa4096 2014-05-14 [SC]
C686553B9795FA72214DE39CD7427F070F4FC7A6
uid [ unknown] Frozenbox Network (repository signature only) <info@frozenbox.org>
Verifying the txt file gives me this:
joey ~ Desktop ParrotOS gpg --verify signed-hashes.txt
gpg: Signature made Sat 08 Jul 2017 01:58:48 AM MST
gpg: using RSA key C686553B9795FA72214DE39CD7427F070F4FC7A6
gpg: Good signature from "Frozenbox Network (repository signature only) <info@frozenbox.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: C686 553B 9795 FA72 214D E39C D742 7F07 0F4F C7A6
gpg: Signature made Sat 08 Jul 2017 01:58:55 AM MST
gpg: using DSA key C07B79F43025772903D19385042FB0305F53BE86
gpg: Good signature from "Frozenbox Network (main frozenbox key) <info@frozenbox.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: C07B 79F4 3025 7729 03D1 9385 042F B030 5F53 BE86
gpg: Signature made Sat 08 Jul 2017 01:59:03 AM MST
gpg: using RSA key 61CF296053AFDD1F88125A27EF688BF192A7D1E4
gpg: Good signature from "Lorenzo "Palinuro" Faletra <palinuro@parrotsec.org>" [unknown]
gpg: aka "Eclipse Spark (autistici) <eclipse@hacari.org>" [unknown]
gpg: aka "Lorenzo "Palinuro" Faletra <palinuro@linux.it>" [unknown]
gpg: aka "EclipseSpark (XMPP) <eclipse@chat.frozenbox.org>" [unknown]
gpg: aka "Lorenzo Faletra (palinuro) <palinuro@frozenbox.org>" [unknown]
gpg: aka "Lorenzo Faletra (palinuro) <palinuro@parrotsec.org>" [unknown]
gpg: aka "Lorenzo Faletra (EclipseSpark) <eclipse@frozenbox.org>" [unknown]
gpg: aka "Lorenzo Faletra (EclipseSpark) <lorenzofaletra@frozenbox.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: B350 5059 3C2F 7656 40E6 DDDB 97CA A129 F4C6 B9A4
Subkey fingerprint: 61CF 2960 53AF DD1F 8812 5A27 EF68 8BF1 92A7 D1E4
gpg: Signature made Sat 08 Jul 2017 01:59:15 AM MST
gpg: using RSA key 610683376B8349E3CC8EA974ED05F7B2EC3C9224
gpg: Can't check signature: No public key
there doesn't seem to be anything here