Verify downloaded file with gnupg

From LemonWiki共筆

Revision as of 14:33, 19 July 2019 by Planetoid (talk | contribs) (→‎further reading: + Calculate the md5 hash)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to navigation Jump to search

Way to verify downloaded file with gnupg[edit]

Download and install GnuPG 1.4.11 compiled for Microsoft Windows(download directly).

Locate the downloaded file at another website:(1)file.tar.gz.sig (GPG security signature) (2)file.tar.gz (3)keys.txt (GPG public keys from the website owner who offered files file.tar.gz.sig & file.tar.gz)

C:\Program Files\GNU\GnuPG\
* gpg.exe
* file.tar.gz.sig                     
* file.tar.gz                         
* keys.txt

open the console window
1. cmd > C:\Program Files\GNU\GnuPG>gpg --import keys.txt
2. cmd > C:\Program Files\GNU\GnuPG>gpg --verify file.tar.gz.sig file.tar.gz

Expected result after executed --verify command:

gpg: Good signature from ...

Troubleshooting[edit]

I met the message "Can't check signature: public key not found" after I executed --verify command

Solution: need to import the GPG public keys gpg --import keys.txt

further reading[edit]

GnuPG documentation
Mac Mac OS X: how to generate md5 sha1 sha256 checksums from command line
related terms: MD5 or SHA1 Checksum

"Calculate the md5 hash of a string"

Retrieved from "https://wiki.planetoid.info/index.php?title=Verify_downloaded_file_with_gnupg&oldid=20805"