From IT Mission Linux Tips, Hacks, Tutorials, Howtos -

Main: How-to-verify-signature-of-downloaded-source-file-with-gpg

$ gpg --import wietse.pgp 
gpg: key C12BCD99: public key "Wietse Venema <[email protected]>" imported
gpg: key D5327CB9: public key "wietse venema <[email protected]>" imported
gpg: Total number processed: 2
gpg:               imported: 2  (RSA: 2)
gpg: no ultimately trusted keys found

:~/postfix$ file wietse.pgp
wietse.pgp: PGP public key block
:~/postfix$ gpg --list-keys
pub   2048R/C12BCD99 2005-02-28
uid                  Wietse Venema <[email protected]>

pub   1022R/D5327CB9 1992-09-25
uid                  wietse venema <[email protected]>
uid                  wietse venema <[email protected]>

:~/postfix$ gpg --verify postfix-2.6.5.tar.gz.sig postfix-2.6.5.tar.gz
gpg: Signature made Sat Aug 29 00:50:08 2009 UTC using RSA key ID C12BCD99
gpg: Good signature from "Wietse Venema <[email protected]>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: FF 96 4A 8C 96 88 7C 6E  A4 EF AD BF 48 34 E1 BB

Retrieved from
Page last modified on December 08, 2009, at 08:40 AM