Verify downloaded file with gnupg

From LemonWiki共筆
Jump to: navigation, search

Way to verify downloaded file with gnupg[edit]

  • Locate the downloaded file at another website:(1)file.tar.gz.sig (GPG security signature) (2)file.tar.gz (3)keys.txt (GPG public keys from the website owner who offered files file.tar.gz.sig & file.tar.gz)
C:\Program Files\GNU\GnuPG\
* gpg.exe
* file.tar.gz.sig                     
* file.tar.gz                         
* keys.txt                            
  • open the console window
    1. cmd > C:\Program Files\GNU\GnuPG>gpg --import keys.txt
    2. cmd > C:\Program Files\GNU\GnuPG>gpg --verify file.tar.gz.sig file.tar.gz

Expected result after executed --verify command:

gpg: Good signature from ...

Troubleshooting[edit]

I met the message "Can't check signature: public key not found" after I executed --verify command

  • Solution: need to import the GPG public keys gpg --import keys.txt

further reading[edit]