how to verify downloaded file
Mon Jul 21 21:04:02 2003
-----BEGIN PGP SIGNED MESSAGE-----
> I've downloaded and installed gnupg for the sole purpose of verifying
> the integrity of a downloaded file. My OS is Windows2000.
> This looked OK. Then:
> C:\My Download Files>gpg --verify stunnel-4.04.exe
> gpg: no valid OpenPGP data found.
> gpg: the signature could not be verified.
> Please remember that the signature file (.sig or .asc)
> should be the first file given on the command line.
> What must I do to verify the downloaded file?
You want to download the detached signature for the stunnel binary. A quick
look at the stunnel site show it's here:
Download it to the same folder that the stunnel exe is in and run:
That should do what you want. You will probably get a message about good
signature from an untrusted key, unless you signed the key you imported in
the first step with a trusted key. To understand all of this, you'll want
to read through the gpg help and FAQ probably.
Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
Teach a man to make fire, and he will be warm for a day.
Set a man on fire, and he will be warm for the rest of his life.
-- John A. Hrastar
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl.
-----END PGP SIGNATURE-----