Home › Verify PGP/GPG signature

Verify PGP/GPG signature 

magnum
Joined:
04/19/2010
Posts:
75

June 23, 2010 19:02:32    Last update: June 23, 2010 19:05:08
  1. Get the public keys. The Apache HTTPD developer keys are available from: http://www.apache.org/dist/httpd/KEYS. Save the key file as KEYS.
  2. Import the keys into your keyring. The GPG ring is stored at $HOME/.gnupg/pubring.gpg. 
    gpg --import KEYS

  3. Verify the signature. Using mod_proxy_html as example: 
    C:\Downloads>gpg mod_proxy_html.zip.asc
gpg: Signature made Fri Oct 30 10:26:26 2009 CDT using DSA key ID 40581837
gpg: Good signature from "Nick Kew <nick@webthing.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 4535 10BD A6C5 8556 24E0  0923 6D0B C73A 4058 1837

C:\Downloads>gpg --verify mod_proxy_html.zip.asc mod_proxy_html.zip
gpg: Signature made Fri Oct 30 10:26:26 2009 CDT using DSA key ID 40581837
gpg: Good signature from "Nick Kew <nick@webthing.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 4535 10BD A6C5 8556 24E0  0923 6D0B C73A 4058 1837

Share |
| Comment  | Tags