How can the apt key be verified?
Mikaela opened this issue · 0 comments
Mikaela commented
In the Linux platform instructions the key is downloaded over http. How can I verify that it's the intended key instead of something from MITM? I don't see the fingerprint mentioned anywhere on the website.
What I received is:
pub rsa4096/0x5898470A764B32C9 2018-02-26 [SC]
Key fingerprint = 5691 30E8 CA20 FBC4 CB3F DE55 5898 470A 764B 32C9
uid [ unknown] deb.h-ic.eu
sub rsa4096/0xBC1BF63BD10B8F1A 2018-02-26 [S]
For comparsion, here are some other signature verification instructions: