无法验证 pgp 签名
Can't verify pgp signature
我从 official website 下载了 rsync 3.1.3 和相关签名,但我无法验证签名。
这行不通
$ gpg --verify signature.sig rsync.tar.gz
gpg: unknown armor header: Version: GnuPG v1
gpg: Signature made Sun Jan 28 23:57:59 2018 UTC using DSA key ID 4B96A8C5
gpg: Can't check signature: public key not found
我查看了 this link 所以我尝试了这些命令,但没有用:
$ gpg --output rsync.tar.gz --decrypt signature.sig
gpg: unknown armor header: Version: GnuPG v1
Detached signature.
Please enter name of data file: rsync.tar.gz
gpg: Signature made Sun Jan 28 23:57:59 2018 UTC using DSA key ID 4B96A8C5
gpg: Can't check signature: public key not found
$ gpg --output rsync.tar.gz --verify signature.sig
gpg: unknown armor header: Version: GnuPG v1
gpg: no signed data
gpg: can't hash datafile: file open error
我该怎么办?
这里的问题是你重命名了分离签名的文件,原始分离签名的名称与文件相同,但有一个额外的扩展名。
bash-4.4$ ls -l rsync-3.1.3.tar.gz*
-rw-r--r-- 1 ben wheel 905908 29 Jan 10:54 rsync-3.1.3.tar.gz
-rw-r--r-- 1 ben wheel 181 29 Jan 10:58 rsync-3.1.3.tar.gz.asc
bash-4.4$ gpg --verify rsync-3.1.3.tar.gz.asc
gpg: assuming signed data in 'rsync-3.1.3.tar.gz'
gpg: Signature made Mon 29 Jan 10:57:59 2018 AEDT
gpg: using DSA key 0x6C859FB14B96A8C5
gpg: Good signature from "Wayne Davison <wayned@users.sourceforge.net>" [unknown]
gpg: aka "Wayne Davison <wayned@samba.org>" [unknown]
gpg: wayned@samba.org: Verified 1 signature in the past 13 seconds. Encrypted
0 messages.
gpg: wayned@users.sourceforge.net: Verified 1 signature in the past 13 seconds.
Encrypted 0 messages.
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 0048 C8B0 26D4 C96F 0E58 9C2F 6C85 9FB1 4B96 A8C5
bash-4.4$
当保留正确的文件名和 运行 验证命令时,GPG 会正确确定签名文件的名称并根据它检查签名。
我从 official website 下载了 rsync 3.1.3 和相关签名,但我无法验证签名。
这行不通
$ gpg --verify signature.sig rsync.tar.gz
gpg: unknown armor header: Version: GnuPG v1
gpg: Signature made Sun Jan 28 23:57:59 2018 UTC using DSA key ID 4B96A8C5
gpg: Can't check signature: public key not found
我查看了 this link 所以我尝试了这些命令,但没有用:
$ gpg --output rsync.tar.gz --decrypt signature.sig
gpg: unknown armor header: Version: GnuPG v1
Detached signature.
Please enter name of data file: rsync.tar.gz
gpg: Signature made Sun Jan 28 23:57:59 2018 UTC using DSA key ID 4B96A8C5
gpg: Can't check signature: public key not found
$ gpg --output rsync.tar.gz --verify signature.sig
gpg: unknown armor header: Version: GnuPG v1
gpg: no signed data
gpg: can't hash datafile: file open error
我该怎么办?
这里的问题是你重命名了分离签名的文件,原始分离签名的名称与文件相同,但有一个额外的扩展名。
bash-4.4$ ls -l rsync-3.1.3.tar.gz*
-rw-r--r-- 1 ben wheel 905908 29 Jan 10:54 rsync-3.1.3.tar.gz
-rw-r--r-- 1 ben wheel 181 29 Jan 10:58 rsync-3.1.3.tar.gz.asc
bash-4.4$ gpg --verify rsync-3.1.3.tar.gz.asc
gpg: assuming signed data in 'rsync-3.1.3.tar.gz'
gpg: Signature made Mon 29 Jan 10:57:59 2018 AEDT
gpg: using DSA key 0x6C859FB14B96A8C5
gpg: Good signature from "Wayne Davison <wayned@users.sourceforge.net>" [unknown]
gpg: aka "Wayne Davison <wayned@samba.org>" [unknown]
gpg: wayned@samba.org: Verified 1 signature in the past 13 seconds. Encrypted
0 messages.
gpg: wayned@users.sourceforge.net: Verified 1 signature in the past 13 seconds.
Encrypted 0 messages.
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 0048 C8B0 26D4 C96F 0E58 9C2F 6C85 9FB1 4B96 A8C5
bash-4.4$
当保留正确的文件名和 运行 验证命令时,GPG 会正确确定签名文件的名称并根据它检查签名。