sig help
Gilles Espinasse
g.esp at free.fr
Wed Dec 10 13:47:18 CET 2008
Selon REX NUFER <RNufer at wakemed.org>:
>
> I'm trying to download and install GPG. I've downloaded the files I need.
> The readme's all say I should verify the file by running sha1sum.exe against
> the tar files I've downloaded. They say to use the value in the *.sig file
> to compare the output against. But I can't read the *.sig file. How to I
> view that file? Does it need to be converted in some way? Thanks in
> advance.
>
> Rex Nufer
>
You are mixing answer a) witht anwser b)
You can't use the .sig file if you don't already have gpg installed
"
a) If you already have a trusted Version of GnuPG installed, you
can simply check the supplied signature:
$ gpg --verify gnupg-x.y.z.tar.gz.sig
"...
"
b) If you don't have any of the above programs, you have to verify
the SHA1 checksum:
$ sha1sum gnupg-x.y.z.tar.gz
"
If you don't have gpg installed, you are in the b) case and have only the sha1
you could see the value at http://www.gnupg.org/download/index.en.html
Depending if you have loaded .bz2 or .gz flavor
826f4bef1effce61c3799c8f7d3cc8313b340b55 gnupg-1.4.9.tar.bz2
52a245d20da70a3f79a2134c8ece3a1d30554ffa gnupg-1.4.9.tar.gz
Gilles
More information about the Gnupg-devel
mailing list