Tuesday, May 8, 2012

PGP on Mac

Install GPG Suite from https://gpgtools.org/

To check the detached signature (a.asc) against the release (a.tar.gz):
Option 1: Without importing the KEYS file (gpg fetches the signer's key from a keyserver)
$ gpg --verify pgp.asc commons-daemon-1.0.15-bin.zip
gpg: Signature made Thu Mar 28 08:54:06 2013 EDT using DSA key ID 0D498E23
gpg: requesting key 0D498E23 from hkps server hkps.pool.sks-keyservers.net
gpg: key 0D498E23: public key "Mladen Turk (Default signing key) <mturk@apache.org>" imported
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 4 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 4u
gpg: next trustdb check due at 2021-04-28
gpg: Total number processed: 1
gpg: imported: 1
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: F7DA 48BB 64BC B84E CBA7 EE69 35CD 23C1 0D49 8E23

Option 2: Import the KEYS file
Download the KEYS file, then:
$ gpg --import KEYS
$ gpg --list-keys
$ gpg --verify pgp.asc commons-daemon-1.0.15-bin.zip
gpg: Signature made Thu Mar 28 08:54:06 2013 EDT using DSA key ID 0D498E23
gpg: Good signature from "Mladen Turk (Default signing key) <mturk@apache.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: F7DA 48BB 64BC B84E CBA7 EE69 35CD 23C1 0D49 8E23
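
Added example (not from the original post): the warning above means gpg has no proof of who owns the key, so a scripted check should compare the primary key fingerprint with one obtained from a trusted source instead of relying on "Good signature" alone. The function names and the sample status lines below are constructed for illustration; the parsing relies on gpg's machine-readable `--status-fd` output.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Strip spaces and uppercase, so "F7DA 48BB ..." compares equal to gpg's form.
norm_fpr() { printf '%s' "$1" | tr -d ' \n' | tr 'a-f' 'A-F'; }

# Read `gpg --status-fd` lines on stdin. Succeed only if a VALIDSIG line names
# the pinned primary key (its last field) and no failure status was reported.
status_matches_fpr() {
    want=$(norm_fpr "$1")
    awk -v want="$want" '
        $1 != "[GNUPG:]" { next }
        # Appending "" forces a string comparison, never a numeric one.
        $2 == "VALIDSIG" { if (($NF "") == (want "")) ok = 1; else bad = 1 }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        END { exit ((ok && !bad) ? 0 : 1) }'
}

# verify_release SIGNATURE FILE PINNED_FINGERPRINT
# Example call (fingerprint as printed in the gpg output on this page):
#   verify_release pgp.asc commons-daemon-1.0.15-bin.zip \
#       "F7DA 48BB 64BC B84E CBA7 EE69 35CD 23C1 0D49 8E23" && echo OK
verify_release() {
    gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null | status_matches_fpr "$3"
}

# Constructed status lines of the kind gpg emits for a good signature,
# so the parser can be exercised without gpg or network access.
SAMPLE_STATUS='[GNUPG:] GOODSIG 35CD23C10D498E23 Mladen Turk (Default signing key) <mturk@apache.org>
[GNUPG:] VALIDSIG F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23 2013-03-28 1364475246 0 4 0 17 2 00 F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23'
```

The check fails closed: a missing VALIDSIG line, a different primary key, or any bad/expired/revoked status makes the function return non-zero.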

To trust a key
$ gpg --edit-key 0x0D498E23 trust

To compute the MD5 checksum:

$ md5 commons-daemon-1.0.15-bin.zip
MD5 (commons-daemon-1.0.15-bin.zip) = b3bc9ed9cf40e08868d36a0c1161d71e
