How To Verify Files and Signatures with PGP In Linux? – POFTUT

How To Verify Files and Signatures with PGP In Linux?

GnuPG is an opensource and popular alternative to the PGP. PGP provides encryption-related function. PGP provides a hash function like standard Linux packages. We will look ow to verify files downloaded from the internet with their PGP signatures to verify.

Find PGP Information

In this example, we will use the Apache source code. Apache PGP signature can be found and downloaded like below.

Find PGP Information

Find PGP Information

We can see that the signature file have asc extension with the same name with the compressed source code file.

Download Apache Source

We will download Apache source code related with previously downloaded PGP signature.

Download Apache Source

Download Apache Source

Verify Source Code

We will verify downloaded Apache source code with PGP by providing the signature file. We will just provide the asc file which will match the source file in the same directory.

Verify Source Code

Verify Source Code

There is a problem Can’t check signature: No Public key error. This is because we havent added the Public key of the Apache from a server.

Add Public Key Server

We will add the public key server to check our signature file. We will use --keyserver option in order to specify the GPG key server which can be an IP address or hostname. Then we will use the --recv-key option and provide the ID of the RSA key which is provided with the asc file.

Add Public Key Server

Add Public Key Server

We have successfully received a public key from the server. We can see there is some information about the imported key.

  • Some name and web address about the key is provided.
  • Total number processed shows total keys processes which is 1 in this example.
  • Imported is imported key count which is 1 in this example.
LEARN MORE  List and Change Kernel Config Variables With Sysctl Command

Check Again Signature File

We will check the signature file again. I hope it works.

Check Again Signature File

Check Again Signature File

We can see that the signed data is determined. Also, the RSA key is printed to the screen. The signer information also provided which is Daniel Ruggeri.

1 Response

  1. 23/09/2019

    […] Here the –default-key parameter is looked in keyring in fingerprint, name, email etc. If you want signature apart from data use -b option. We will provide İsmail as default key with the –default-key option. We […]

Leave a Reply

Your email address will not be published. Required fields are marked *