$ gpg httpd-2.0.55.tar.gz.asc
gpg: Signature made Monday 10 October 2005 07:05:15 AM IST using RSA key ID 10FDE075gpg: Can't check signature: public key not found
没有 Key ID ,当然也就无法校验文件
% gpg --verify apache_2.2.11-win32-x86-no_ssl.msi.asc
Warning: using insecure memory!
gpg: Signature made Wed Dec 10 15:32:32 2008 CST using RSA key ID CB9B9EC5
gpg: Can't check signature: No public key
所以要导入 key ID。 这里用 --recv-keys
% gpg --recv-keys CB9B9EC5
( or
Warning: using insecure memory!
gpg: requesting key CB9B9EC5 from hkp server keys.gnupg.net
gpg: key B55D9977: public key "William A. Rowe, Jr. <wrowe@rowe-clan.net>" imported
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0
gpg: Total number processed: 1
gpg:
导入完成后,再来校验,就OK了。
% gpg --verify apache_2.2.11-win32-x86-no_ssl.msi.asc
Warning: using insecure memory!
gpg: Signature made Wed Dec 10 15:32:32 2008 CST using RSA key ID CB9B9EC5
gpg: Good signature from "William A. Rowe, Jr. <wrowe@rowe-clan.net>"
gpg:
gpg:
gpg: WARNING: This key is not certified with a trusted signature!
gpg:
Primary key fingerprint: B1B9 6F45 DFBD CCF9 7401
但是还可以看到有“WARNING: This key is not certified with a trusted signature!”这样的警告,意指这个 key 没有信任签名。
基本上你可以忽略这条信息。但如果你看着心里边不舒服,那就加上信任签名。当然了,首要前提是你确定这个 key 是绝对信得过的。
% gpg --edit-key B55D9977
Warning: using insecure memory!
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0
pub
sub
sub
sub
[ unknown] (1). William A. Rowe, Jr. <wrowe@rowe-clan.net>
[ unknown] (2)
[ unknown] (3)
Command> trust
pub
sub
sub
sub
[ unknown] (1). William A. Rowe, Jr. <wrowe@rowe-clan.net>
[ unknown] (2)
[ unknown] (3)
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)
Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y
pub
sub
sub
sub
[ unknown] (1). William A. Rowe, Jr. <wrowe@rowe-clan.net>
[ unknown] (2)
[ unknown] (3)
Please note that the shown key validity is not necessarily correct
unless you restart the program.
Command> save
Key not changed so no update needed.
一定要选5才会绝对信任,在效验时也才不再会出现警示信息。
% gpg --verify apache_2.2.11-win32-x86-no_ssl.msi.asc
Warning: using insecure memory!
gpg: Signature made Wed Dec 10 15:32:32 2008 CST using RSA key ID CB9B9EC5
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0
gpg: Good signature from "William A. Rowe, Jr. <wrowe@rowe-clan.net>"
gpg:
gpg:
留意 Good signature 那一行,清净了。
本文介绍了如何使用GPG(GNU Privacy Guard)工具验证文件的数字签名。通过获取并导入所需的Key ID,可以解决无法校验文件的问题。在导入Key ID后,GPG能够确认文件来自可信来源,并在设置为完全信任后,消除警告信息。
1859

被折叠的 条评论
为什么被折叠?



