gpg 校验文件

本文介绍了如何使用GPG(GNU Privacy Guard)工具验证文件的数字签名。通过获取并导入所需的Key ID,可以解决无法校验文件的问题。在导入Key ID后,GPG能够确认文件来自可信来源,并在设置为完全信任后,消除警告信息。

$ gpg httpd-2.0.55.tar.gz.asc

gpg: Signature made Monday 10 October 2005 07:05:15 AM IST using RSA key ID 10FDE075
gpg: Can't check signature: public key not found

没有 Key ID ,当然也就无法校验文件
% gpg --verify apache_2.2.11-win32-x86-no_ssl.msi.asc
Warning: using insecure memory!
gpg: Signature made Wed Dec 10 15:32:32 2008 CST using RSA key ID CB9B9EC5
gpg: Can't check signature: No public key

所以要导入 key ID。 这里用 --recv-keys
% gpg --recv-keys CB9B9EC5

( or  $ gpg --keyserver pgpkeys.mit.edu --recv-key 10FDE075 )

Warning: using insecure memory!
gpg: requesting key CB9B9EC5 from hkp server keys.gnupg.net
gpg: key B55D9977: public key "William A. Rowe, Jr. <wrowe@rowe-clan.net>" imported
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   signed:   trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)

导入完成后,再来校验,就OK了。
% gpg --verify apache_2.2.11-win32-x86-no_ssl.msi.asc
Warning: using insecure memory!
gpg: Signature made Wed Dec 10 15:32:32 2008 CST using RSA key ID CB9B9EC5
gpg: Good signature from "William A. Rowe, Jr. <wrowe@rowe-clan.net>"
gpg:                 aka "William A. Rowe, Jr. <wrowe@apache.org>"
gpg:                 aka "William A. Rowe, Jr. <william.rowe@springsource.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: B1B9 6F45 DFBD CCF9 7401  9235 193F 180A B55D 9977
     Subkey fingerprint: 6746 56C7 3897 2D5B D2A4  815D 8154 67B6 CB9B 9EC5

但是还可以看到有“WARNING: This key is not certified with a trusted signature!”这样的警告,意指这个 key 没有信任签名。
基本上你可以忽略这条信息。但如果你看着心里边不舒服,那就加上信任签名。当然了,首要前提是你确定这个 key 是绝对信得过的。

% gpg --edit-key B55D9977
Warning: using insecure memory!

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   signed:   trust: 0-, 0q, 0n, 0m, 0f, 1u
pub  4096R/B55D9977  created: 2008-04-09  expires: never       usage: SC
                     trust: undefined     validity: unknown
sub  4096R/CB9B9EC5  created: 2008-04-09  expires: 2009-07-03  usage: S
sub  4096R/C10FE28B  created: 2008-04-09  expires: 2009-07-03  usage: E
sub  4096g/FF1392F5  created: 2008-04-09  expires: 2009-07-03  usage: E
[ unknown] (1). William A. Rowe, Jr. <wrowe@rowe-clan.net>
[ unknown] (2)  William A. Rowe, Jr. <wrowe@apache.org>
[ unknown] (3)  William A. Rowe, Jr. <william.rowe@springsource.com>

Command> trust
pub  4096R/B55D9977  created: 2008-04-09  expires: never       usage: SC
                     trust: undefined     validity: unknown
sub  4096R/CB9B9EC5  created: 2008-04-09  expires: 2009-07-03  usage: S
sub  4096R/C10FE28B  created: 2008-04-09  expires: 2009-07-03  usage: E
sub  4096g/FF1392F5  created: 2008-04-09  expires: 2009-07-03  usage: E
[ unknown] (1). William A. Rowe, Jr. <wrowe@rowe-clan.net>
[ unknown] (2)  William A. Rowe, Jr. <wrowe@apache.org>
[ unknown] (3)  William A. Rowe, Jr. <william.rowe@springsource.com>

Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu

Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y

pub  4096R/B55D9977  created: 2008-04-09  expires: never       usage: SC
                     trust: ultimate      validity: unknown
sub  4096R/CB9B9EC5  created: 2008-04-09  expires: 2009-07-03  usage: S
sub  4096R/C10FE28B  created: 2008-04-09  expires: 2009-07-03  usage: E
sub  4096g/FF1392F5  created: 2008-04-09  expires: 2009-07-03  usage: E
[ unknown] (1). William A. Rowe, Jr. <wrowe@rowe-clan.net>
[ unknown] (2)  William A. Rowe, Jr. <wrowe@apache.org>
[ unknown] (3)  William A. Rowe, Jr. <william.rowe@springsource.com>
Please note that the shown key validity is not necessarily correct
unless you restart the program.

Command> save
Key not changed so no update needed.
一定要选5才会绝对信任,在效验时也才不再会出现警示信息。

% gpg --verify apache_2.2.11-win32-x86-no_ssl.msi.asc
Warning: using insecure memory!
gpg: Signature made Wed Dec 10 15:32:32 2008 CST using RSA key ID CB9B9EC5
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   signed:   trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: Good signature from "William A. Rowe, Jr. <wrowe@rowe-clan.net>"
gpg:                 aka "William A. Rowe, Jr. <wrowe@apache.org>"
gpg:                 aka "William A. Rowe, Jr. <william.rowe@springsource.com>"

留意 Good signature 那一行,清净了。




评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值