Verify Downloaded Files
Jump to navigation
Jump to search
If you haven't done so already import the public key of the file provider into your gpg keyring. Hopefully you're getting the public key from a reliable source.
gpg --import keyfile.asc
Where keyfile.asc is the public key in ascii format. Alternatively, if you leave off the filename the public key can be added to the keyring from stdin (i.e. pasted from a web page) Download the target file AND the gpg signature. The gpg signature will be a separate small file with contents resemble:
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEABECAAYFAkgaVi4ACgkQakRjwEAQIjO+tQCdEcBUJtHbitrGr+0WSExE4sXM KTIAmwe/Y3Mwuli2IBlS8H2JvWC7PX3B =Ucb1 -----END PGP SIGNATURE-----
Run the file and the signature through gpg:
gpg --verify slackware-12.1-install-dvd.iso.asc slackware-12.1-install-dvd.iso gpg: Signature made Thu 01 May 2008 11:45:50 PM GMT using DSA key ID 40102233 gpg: Good signature from "Slackware Linux Project <security@slackware.com>" Primary key fingerprint: EC56 49DA 401E 22AB FA67 36EF 6A44 63C0 4010 2233