how to verify downloaded file
Mon Jul 21 21:29:02 2003
-----BEGIN PGP SIGNED MESSAGE-----
> I've downloaded and installed gnupg for the sole purpose of verifying
> the integrity of a downloaded file. My OS is Windows2000.
> C:\My Download Files>gpg --verify stunnel-4.04.exe
> gpg: no valid OpenPGP data found.
> gpg: the signature could not be verified.
> Please remember that the signature file (.sig or .asc)
> should be the first file given on the command line.
> Then I tried following the advice given in the error message:
> C:\My Download Files>gpg --verify pgp_asc.htm stunnel-4.04.exe
> gpg: verify signatures failed: unexpected data
> What must I do to verify the downloaded file?
You need to download the detached signature that accompanies the file.
Usually it is named something like stunnel-4.04.exe.sig, but some apps
dislike multiple extensions so it may be stunnel-4.04.sig ( or .asc). Then
THAT is the file you feed to gpg; ie
gpg -- verify stunnel-4.04.exe.sig stunnel-4.04.exe
or just simply
gpg -- verify stunnel-4.04.exe.sig
John P. Clizbe Inet: JPClizbe (a) comcast DOT nyet
Golden Bear Networks PGP/GPG KeyID: 0x608D2A10
"Most men take the straight and narrow. A few take the road less
traveled. I chose to cut through the woods."
"There is safety in Numbers... *VERY LARGE PRIME* Numbers
9:00PM Tonight on _REAL_IRONY_: Vegetarian Man Eaten by Cannibals
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-nr1 (Windows 2000)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----