how to verify downloaded file
Todd
Todd <Freedom_Lover@pobox.com>
Mon Jul 21 21:04:02 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
kynn@panix.com wrote:
> I've downloaded and installed gnupg for the sole purpose of verifying
> the integrity of a downloaded file. My OS is Windows2000.
[...]
> This looked OK. Then:
>
> C:\My Download Files>gpg --verify stunnel-4.04.exe
> gpg: no valid OpenPGP data found.
> gpg: the signature could not be verified.
> Please remember that the signature file (.sig or .asc)
> should be the first file given on the command line.
[...]
> What must I do to verify the downloaded file?
You want to download the detached signature for the stunnel binary. A quick
look at the stunnel site show it's here:
http://www.stunnel.org/download/stunnel/win32/stunnel-4.04.exe.asc
Download it to the same folder that the stunnel exe is in and run:
gpg stunnel-4.04.exe.asc
That should do what you want. You will probably get a message about good
signature from an untrusted key, unless you signed the key you imported in
the first step with a trusted key. To understand all of this, you'll want
to read through the gpg help and FAQ probably.
- --
Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
============================================================================
Teach a man to make fire, and he will be warm for a day.
Set a man on fire, and he will be warm for the rest of his life.
-- John A. Hrastar
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl.
iD8DBQE/HDlruv+09NZUB1oRAvqbAKCChXwla/5/7n5RKtGw6zL6flH/WACg5+4y
Q41hxUV3hiKD5i+I6bXSatI=
=7q/5
-----END PGP SIGNATURE-----