[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: verify gpg sigs



Tim Morgan wrote:
> OK, maybe I figured it out...
> 
> tim@link:~$ gpg tarsnap-sigs-1.0.25.asc
> gpg: Signature made Fri 10 Jul 2009 01:46:39 PM CDT using RSA key ID
> 3DD61E72
> gpg: Good signature from "Tarsnap source code signing key (Colin
> Percival) <cperciva@tarsnap.com <mailto:cperciva@tarsnap.com>>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the
> owner.
> Primary key fingerprint: ADBD A177 656F D522 8E34  C456 56A4 286A 3DD6 1E72

That works.  Even better, if you run
$ gpg --decrypt tarsnap-sigs-1.0.25.asc
then gpg will output the signed text (i.e. "SHA256 (tarsnap-autoconf-1.0.25.tgz)
= 086787dd9d9985590c17848454e7b4e31327c3a70065c5f2611b1e0a1fddb087").

-- 
Colin Percival
Security Officer, FreeBSD | freebsd.org | The power to serve
Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid