faramir.cl at gmail.com
Mon Dec 8 19:32:52 CET 2008
-----BEGIN PGP SIGNED MESSAGE-----
REX NUFER escribió:
> I’m trying to download and install GPG. I’ve downloaded the files I
> need. The readme’s all say I should verify the file by running
> sha1sum.exe against the tar files I’ve downloaded. They say to use the
> value in the *.sig file to compare the output against. But I can’t read
> the *.sig file. How to I view that file? Does it need to be converted
> in some way? Thanks in advance.
Sha1sum.exe would calculate the sha1 hash value for the tar file.
BUT the *.sig file, is not a sha1 hash, it is a GnuPG signature for the
tar file, so you would need GPG to check the tar file against the
signature file... The *.sig file is useful in case you are upgrading GPG
, or if you have access to a computer with gpg already installed on it.
If this is not the case, then you can't check the tar file by using the
*sig file, and you must look for the hash value to compare with the
Take a look at http://www.gnupg.org/download/integrity_check.en.html
There are the instructions about checking the downloaded package, and
also a list of files and sha1 values to compare.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Gnupg-users