GnuPG is opensource and popular alternative to the PGP. PGP provide encryption related function. PGP provides hash function like standard linux packages. We will look ow to verify files downloaded from internet with their PGP signatures to verify.
Find PGP Information
In this example we will use Apache source code. Apache PGP signature can be found and downloaded like below.
$ wget https://www.apache.org/dist/httpd/httpd-2.4.23.tar.bz2.asc
We can see that signature file have asc extension with the same name with compressed source code file.
Download Apache Source
We will download Apache source code related with previously downloaded PGP signature.
Verify Source Code
We will verify downloaded Apache source code with PGP by providing signature file
There is a problem Can’t check signature: No Public key error
Add Public Key Server
We will add public key server to check our signature file.
gpg --keyserver pgpkeys.mit.edu --recv-key 34EA76E6791485A8
We have successfully received public key from server.
Check Again Signature File
We will check the signature file again. I hope it works