cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Public GPG key not matching the .deb file signature

Cleberz
Newcomer
Newcomer

‎2023-05-08 08:24 AM

Hello,
I'm trying to install the latest Zoom 5.14.7 (2928) from your Download Center webpage on my Ubuntu 20.04 but this build appears to be using a different public key than the one linked in that page:

https://us06web.zoom.us/client/latest/zoom_amd64.deb
https://us06web.zoom.us/linux/download/pubkey

 

$ gpg --import package-signing-key.pub  
gpg: keybox '/home/czarate3/.gnupg/pubring.kbx' created
gpg: /home/czarate3/.gnupg/trustdb.gpg: trustdb created
gpg: key B903BF1861A7C71D: public key "Zoom Video Communcations, Inc. Linux Package Signing Key ***********" imported
gpg: Total number processed: 1
gpg:               imported: 1
$ gpg --show-keys package-signing-key.pub
pub   rsa2048 2015-06-07 [SC]
     396060CADD8A75220BFCB369B903BF1861A7C71D
uid                      Zoom Video Communcations, Inc. Linux Package Signing Key ***********
sub   rsa2048 2015-06-07 [E]
$ gpg --verify zoom_amd64.deb
gpg: Signature made Fri 05 May 2023 12:41:04 AM CDT
gpg: using RSA key 59C86188E22ABB19BD5540477B04A1B8DD79B481
gpg: Can't check signature: No public key
$ dpkg-sig -verify zoom_amd64.deb
Processing zoom_amd64.deb...
UNKNOWNSIG _gpgbuilder DD79B481

 

 Please let me know whether this is just someone missing a new public key or whether that file has been tampered with. Thanks,

0 REPLIES 0