Softwares |
Main /
How-to-verify-signature-of-downloaded-source-file-with-gpgMain.How-to-verify-signature-of-downloaded-source-file-with-gpg HistoryShow minor edits - Show changes to output Added lines 1-54:
(:Google1:) *Download PGP public key block, Signature and the software.tar.gz http://archive.mgm51.com/mirrors/postfix-source/wietse.pgp http://archive.mgm51.com/mirrors/postfix-source/official/postfix-2.6.5.tar.gz.sig http://archive.mgm51.com/mirrors/postfix-source/official/postfix-2.6.5.tar.gz *Import the PGP public key block [@ $ gpg --import wietse.pgp gpg: key C12BCD99: public key "Wietse Venema <[email protected]>" imported gpg: key D5327CB9: public key "wietse venema <[email protected]>" imported gpg: Total number processed: 2 gpg: imported: 2 (RSA: 2) gpg: no ultimately trusted keys found :~/postfix$ file wietse.pgp wietse.pgp: PGP public key block @] *List Keys [@ :~/postfix$ gpg --list-keys /home/jyothis/.gnupg/pubring.gpg -------------------------------- pub 2048R/C12BCD99 2005-02-28 uid Wietse Venema <[email protected]> pub 1022R/D5327CB9 1992-09-25 uid wietse venema <[email protected]> uid wietse venema <[email protected]> @] *Verify Signature [@ :~/postfix$ gpg --verify postfix-2.6.5.tar.gz.sig postfix-2.6.5.tar.gz gpg: Signature made Sat Aug 29 00:50:08 2009 UTC using RSA key ID C12BCD99 gpg: Good signature from "Wietse Venema <[email protected]>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: FF 96 4A 8C 96 88 7C 6E A4 EF AD BF 48 34 E1 BB :~/postfix$ @] (:Googlemm:) |