How to verify X.509 signatures?
Markus Reichelt
ml at mareichelt.com
Sun Mar 24 10:22:48 CET 2013
* adrelanos <adrelanos at riseup.net> wrote:
> TrueCrypt.org says [1] they are signing "TrueCrypt Setup 7.1a.exe"
> [2] with a X.509 signature. How can I verify such a signature?
For Windows, they explicitly state how to do that.
> (On Debian Wheezy.) I tried:
> gpg2 --verify "TrueCrypt Setup 7.1a.exe"
>
> gpg: no valid OpenPGP data found.
> gpg: the signature could not be verified.
> Please remember that the signature file (.sig or .asc)
> should be the first file given on the command line.
>
> gpgsm --verify "TrueCrypt Setup 7.1a.exe"
> gpgsm: ksba_cms_parse failed: End of file
I'd consult the OpenSSL manual.
If I parse your quest correctly, you are trying to check the sig of a
Windows binary on some debian system. Why not ask the TrueCrypt head
honchos about putting up that info as well?
--
left blank, right bald
More information about the Gnupg-users
mailing list