This wikiHow guide details a clear 1-minute process to verify that a file in your possession was digitally signed by a particular GPG Secret Key and has been unmodified since the time of signing.
Downloading What You Need
Acquire the Public Key. Import the Public Key into GPG.
Acquire a copy of the file in question. Save it in a Folder.
Acquire a copy of the signature-file in question. Save it in the same Folder.
Using GPG to Verify that someone's Secret Key Signed the File in Question
Open a command-line interface. Change the working directory to the Folder where your file and signature-file are saved.
Verify the signature. Type the following command into a command-line interface: gpg --verify [signature-file] [file] E.g., if you have acquired (1) the Public Key 0x416F061063FEE659, (2) the Tor Browser Bundle file (tor-browser.tar.gz), and (3) the signature-file posted alongside the Tor Browser Bundle file (tor-browser.tar.gz.asc), You would type the following: gpg --verify tor-browser.tar.gz.asc tor-browser.tar.gz
Comments
0 comment