menu
Copyright © 2024 Umatno. All rights reserved.
How to Verify a PGP Signature
How To

How to Verify a PGP Signature

How to Verify a PGP Signature
This wikiHow teaches you how to verify the PGP signature of a downloaded file. You should always verify the PGP signature of a signed file to make sure the version you downloaded is official. To verify the signature, you'll need the publisher's public key, the software's signature file, and GnuPG. GnuPG is preinstalled in all Linux distributions, but you'll need to install it if you're using Windows or macOS.
Steps

Linux & macOS

Install GPG if you're using a Mac. If you're using a Linux installation outside of macOS, you can skip this step. macOS users should first install Homebrew, and then use it to install the GnuPG software package: Open Terminal, which you'll find in Applications > Utilities. Type /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)" and press Return. Follow the on-screen instructions to install Homebrew. Once Homebrew is installed, type brew install gnupg and press Return.

Download the PGP signature file. This is the file that ends with .sig. Be sure to save the signature file to the same directory as the file you want to check. An easy way to do this is from the command prompt is to cd into the appropriate directory and download the file using wget https://path/to/signaturefile.sig.

Download the signer's public key. You can usually download this from the signer's website or by saving an email attachment to your computer. The public key file usually ends with .asc. As with downloading the signature file, you can use wget to download the public key. If you have the key ID but not a path to download the file, use this command to get the key: gpg --recv-keys KEYID. If you receive the key this way, skip step 4 and go directly to step 5.

Import the public key into your public keyring. You can do this with the following command in a terminal window: gpg --import PUBLICKEY. Replace PUBLICKEY with the actual file name.

Verify the signature. Now that all of the files are in their correct locations, you can verify the signature with the following command: gpg --verify SIGNATURE.SIG FILE. Replace SIGNATURE.SIG with the signature file name, and FILE with the name of the file you want to verify. If the output says "Good Signature," you've successfully verified the key. If the signature is bad, you'll know the file is broken or has been edited since the signing.

Windows

Install Gpg4win. You can get the application from https://www.gpg4win.org/download.html. During the installation, you'll see a list of apps that will be installed—just keep the default options selected. The default installation location is C:\Program Files (x86)\Gnu\GnuPg\gpg.exe. When you run the command required to verify the signature, you'll need to enter the full path to the gpg.exe file. If you choose a different install location, make sure you remember the full path.

Download the PGP signature. This is the file that ends with .sig. You'll need to save the file to the same directory as the file you want to verify.

Download the signer's public key. You can usually download this from the signer's website or by saving an email attachment to your computer. The public key file usually ends with .asc. This should also be saved to the same folder.

Open the Windows File Explorer. It's the folder icon on the taskbar. You can also open it by pressing the Windows key + E.

Open the folder containing the signature and file you want to check. If you don't see a navigation pane in the left panel of File explorer, click the View menu at the top and select Navigation pane and then Navigation pane again to bring it up. This makes it easier to find what you're looking for.

Press ⇧ Shift as you right-click inside the folder. A menu will expand.

Click Open Command Prompt here. If you don't see that option, select Open PowerShell window here.

Import the public key file into your keychain. Here's how: Type C:\Program Files (x86)\Gnu\GnuPg\gpg.exe --import PUBLICKEY and press Enter. Replace PUBLICKEY with the actual file name. If you don't have a file containing the public key, but you do have a key ID, use this command instead: C:\Program Files (x86)\Gnu\GnuPg\gpg.exe --recv-keys KEYID.

Check the signature. Now that the files are ready, here's how to verify the signature: C:\Program Files (x86)\Gnu\GnuPg\gpg.exe --verify SIGNATURE.SIG FILE. Replace SIGNATURE.SIG with the signature file name, and FILE with the name of the file you want to verify. If the output says "Good Signature," you've successfully verified the key. If the signature is bad, you'll know the file is broken or has been edited since the signing.

Rustopte

Rustopte

Follow

What's your reaction?

0
AWESOME! AWESOME!
0
NICE NICE
0
LOVED LOVED
0
LOL LOL
0
FUNNY FUNNY
0
FAIL! FAIL!
0
OMG! OMG!
0
EW! EW!

Comments

https://umatno.info/assets/images/user-avatar-s.jpg

0 comment

Best Oldest Newest
Write the first comment for this!

Today's Top Posts


  1. Netflix Series 'Jamtara' Producer Booked for Rs 2.5 Crore Fraud, Accused of Cheating A Businessman
    5

    Netflix Series 'Jamtara' Producer Booked for Rs 2.5 Crore Fraud, Accused of Cheating A Businessman
  2. 'Israel Will Not Last Long': Gun In Hand, Iran's Khamenei Issues Dire Warning Amid West Asia Tensions
    5

    'Israel Will Not Last Long': Gun In Hand, Iran's Khamenei Issues Dire Warning Amid West Asia Tensions
  3. 7 Health Drinks That Can Keep Your Cholesterol Levels Under Control
    5

    7 Health Drinks That Can Keep Your Cholesterol Levels Under Control
  4. BCCI Makes Sophisticated Player Monitoring system Available to State Units
    5

    BCCI Makes Sophisticated Player Monitoring system Available to State Units
  5. Hyderabad FC vs Chennaiyin FC, ISL 2024-25: Match Preview, Live Streaming, Fantasy Picks, Predicted XI and Full Squads
    5

    Hyderabad FC vs Chennaiyin FC, ISL 2024-25: Match Preview, Live Streaming, Fantasy Picks, Predicted XI and Full Squads
  6. France Submits Final Price Offer To India For 26 Rafale Marine Jets Ahead of Key Strategic Talks
    5

    France Submits Final Price Offer To India For 26 Rafale Marine Jets Ahead of Key Strategic Talks
  7. New Zealand Appoint Jacob Oram as Bowling Coach Ahead of India Tour
    5

    New Zealand Appoint Jacob Oram as Bowling Coach Ahead of India Tour
  8. West Bengal Class 10 PPR/PPS Exam Result 2024 Released at results.indiaresults.com
    5

    West Bengal Class 10 PPR/PPS Exam Result 2024 Released at results.indiaresults.com
  9. Bigg Boss Kannada Season 11: Contestant Anusha Rai Breaks Down, Throws Away Food
    4

    Bigg Boss Kannada Season 11: Contestant Anusha Rai Breaks Down, Throws Away Food
  10. How to Downgrade to iOS 17 from iOS 18
    4

    How to Downgrade to iOS 17 from iOS 18

Connect With Community