Verify downloaded file with gnupg

Way to verify downloaded file with gnupg

• Download and install GnuPG 1.4.11 compiled for Microsoft Windows(download directly).

• Locate the downloaded file at another website:(1)file.tar.gz.sig (GPG security signature) (2)file.tar.gz (3)keys.txt (GPG public keys from the website owner who offered files file.tar.gz.sig & file.tar.gz)

C:\Program Files\GNU\GnuPG\
* gpg.exe
* file.tar.gz.sig                     
* file.tar.gz                         
* keys.txt                            

• open the console window
  1. cmd > C:\Program Files\GNU\GnuPG>gpg --import keys.txt
  2. cmd > C:\Program Files\GNU\GnuPG>gpg --verify file.tar.gz.sig file.tar.gz

Expected result after executed --verify command:

gpg: Good signature from ...

Troubleshooting

I met the message "Can't check signature: public key not found" after I executed --verify command

• Solution: need to import the GPG public keys gpg --import keys.txt

further reading

• GnuPG documentation
• Mac Mac OS X: how to generate md5 sha1 sha256 checksums from command line
• related terms: MD5 or SHA1 Checksum

"Calculate the md5 hash of a string"

• PHP: md5 - Manual
• MySQL :: MySQL 5.5 Reference Manual :: 12.13 Encryption and Compression Functions