Gilles Espinasse g.esp at
Wed Dec 10 13:47:18 CET 2008

According to REX NUFER <RNufer at>:

> I'm trying to download and install GPG.  I've downloaded the files I need.
> The readme's all say I should verify the file by running sha1sum.exe against
> the tar files I've downloaded.  They say to use the value in the *.sig file
> to compare the output against.  But I can't read the *.sig file.  How do I
> view that file?  Does it need to be converted in some way?  Thanks in
> advance.
> Rex Nufer
You are mixing answer a) with answer b).
You can't use the .sig file if you don't already have gpg installed.
 a) If you already have a trusted Version of GnuPG installed, you
    can simply check the supplied signature:

	$ gpg --verify gnupg-x.y.z.tar.gz.sig

 b) If you don't have any of the above programs, you have to verify
    the SHA1 checksum:

	$ sha1sum gnupg-x.y.z.tar.gz

If you don't have gpg installed, you are in the b) case and have only the sha1
you could see the value at
Depending on whether you have loaded the .bz2 or .gz flavor:
826f4bef1effce61c3799c8f7d3cc8313b340b55  gnupg-1.4.9.tar.bz2
52a245d20da70a3f79a2134c8ece3a1d30554ffa  gnupg-1.4.9.tar.gz


