Thread: download verification via .sig

download verification via .sig

From

Ray Stell

Date:

08 August 2011, 14:58:13

How do you use this .sig to verify a download?
pgadmin3-1.12.3.dmg
pgadmin3-1.12.3.dmg.sig

Re: download verification via .sig

From

Guillaume Lelarge

Date:

08 August 2011, 16:19:24

On Mon, 2011-08-08 at 10:49 -0400, Ray Stell wrote:
> How do you use this .sig to verify a download?
> pgadmin3-1.12.3.dmg
> pgadmin3-1.12.3.dmg.sig
> 
> 

The package is signed with Dave Page's GPG key. His public key is
available here:
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x96020E041A19643B

Once the public key has been imported, a simple "gpg --verify
pgadmin3-1.12.3.dmg.sig" allows you to check the file:

[guillaume@laptop ~]$ gpg --verify pgadmin3-1.14.0-beta3.zip.sig
gpg: Signature made Fri 08 Jul 2011 11:52:12 AM CEST using DSA key ID
1A19643B
gpg: Good signature from "Dave Page <dpage@postgresql.org>"
gpg:                 aka "Dave Page <dpage@pgadmin.org>"
gpg:                 aka "Dave Page <dave.page@enterprisedb.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the
owner.
Primary key fingerprint: 752C 3D8A 5274 C381 9231  7EAA 9602 0E04 1A19
643B

-- 
Guillaume http://blog.guillaume.lelarge.info http://www.dalibo.com