Verify downloaded file with gnupg

From LemonWiki共筆
Revision as of 14:33, 19 July 2019 by Planetoid (talk | contribs) (→‎further reading: + Calculate the md5 hash)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Way to verify downloaded file with gnupg[edit]

  • Locate the downloaded file at another website:(1)file.tar.gz.sig (GPG security signature) (2)file.tar.gz (3)keys.txt (GPG public keys from the website owner who offered files file.tar.gz.sig & file.tar.gz)
C:\Program Files\GNU\GnuPG\
* gpg.exe
* file.tar.gz.sig                     
* file.tar.gz                         
* keys.txt                            
  • open the console window
    1. cmd > C:\Program Files\GNU\GnuPG>gpg --import keys.txt
    2. cmd > C:\Program Files\GNU\GnuPG>gpg --verify file.tar.gz.sig file.tar.gz

Expected result after executed --verify command:

gpg: Good signature from ...


I met the message "Can't check signature: public key not found" after I executed --verify command

  • Solution: need to import the GPG public keys gpg --import keys.txt

further reading[edit]

"Calculate the md5 hash of a string"