文件验证签名"/>
Linux下使用.sig文件验证签名
以 libunwind-1.70.tar.gz 和 libunwind-1.70.tar.gz.sig 为例
-
将 libunwind-1.70.tar.gz 和 libunwind-1.70.tar.gz.sig 放在同一路径下
-
使用gpg进行验证,此时输出如注释所示(no public key)
$ gpg --verify libunwind-1.70.tar.gz.sig libunwind-1.70.tar.gz
# output:
# gpg: signature made 2023年06月04日 星期日 2时20分45秒 CST
# gpg: using RSA kev OAOFF845B7DB3427
# gpg:Can't check signature: No public key
- 根据gpg提示的key找到公钥,此时提示 new key but contains no user ID - skipped
$ gpg --recv-keys 0x0A0FF845B7DB3427
# output:
# gpg:key 0A0FF845B7DB3427: new key but contains no user ID - skipped
# gpg:Total number processed: 1
# gpg: w/o user IDs: 1
- 切换服务器
$ gpg --key-server hkp://pgp.mit.edu --recv-keys 0x0A0FF845B7DB3427
# output:
# gpg: key 0A0FF845B7DB3427: public key "stephen M. Webb <stephen.webbabregmasoft.ca>" imported
# gpg:Total number processed: 1
# gpg: imported: 1
- 再次验证
$ gpg --verify --verbose libunwind-1.70,tar .gz.sig libunwind1.70.tar.gz
# output:
# gpg: using RSA key AOFF845B7DB3427
# gpg:using pgp trust model
# gpg:Good signature from "stephen M. Webb stephen.webbabregmasoft.ca>" [unknown]
# gpg: aka "stephen M.Webb <stephen@ubuntu>" [unknown]
# gpg: aka "stephen M.Webb <stephen.webbacanonical>" [unknown]
# gpg: aka "[jpeg image of size 3674]" [unknown]
# gpg:WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner
- 参考链接:
- .html
更多推荐
Linux下使用.sig文件验证签名
发布评论