cancel
Showing results for 
Search instead for 
Did you mean: 

Public GPG key not matching the .deb file signature

Cleberz
Newcomer
Newcomer

Hello,
I'm trying to install the latest Zoom 5.14.7 (2928) from your Download Center webpage on my Ubuntu 20.04 but this build appears to be using a different public key than the one linked in that page:

https://us06web.zoom.us/client/latest/zoom_amd64.deb
https://us06web.zoom.us/linux/download/pubkey

 

$ gpg --import package-signing-key.pub  
gpg: keybox '/home/czarate3/.gnupg/pubring.kbx' created
gpg: /home/czarate3/.gnupg/trustdb.gpg: trustdb created
gpg: key B903BF1861A7C71D: public key "Zoom Video Communcations, Inc. Linux Package Signing Key ***********" imported
gpg: Total number processed: 1
gpg:               imported: 1
$ gpg --show-keys package-signing-key.pub
pub   rsa2048 2015-06-07 [SC]
     396060CADD8A75220BFCB369B903BF1861A7C71D
uid                      Zoom Video Communcations, Inc. Linux Package Signing Key ***********
sub   rsa2048 2015-06-07 [E]
$ gpg --verify zoom_amd64.deb
gpg: Signature made Fri 05 May 2023 12:41:04 AM CDT
gpg: using RSA key 59C86188E22ABB19BD5540477B04A1B8DD79B481
gpg: Can't check signature: No public key
$ dpkg-sig -verify zoom_amd64.deb
Processing zoom_amd64.deb...
UNKNOWNSIG _gpgbuilder DD79B481

 

 Please let me know whether this is just someone missing a new public key or whether that file has been tampered with. Thanks,

0 REPLIES 0