How to verify X.509 signatures?

Markus Reichelt ml at
Sun Mar 24 10:22:48 CET 2013

* adrelanos <adrelanos at> wrote:

> says [1] they are signing "TrueCrypt Setup 7.1a.exe"
> [2] with a X.509 signature.  How can I verify such a signature?

For Windows, they explicitly state how to do that.

> (On Debian Wheezy.) I tried:
> gpg2 --verify "TrueCrypt Setup 7.1a.exe"
> gpg: no valid OpenPGP data found.
> gpg: the signature could not be verified.
> Please remember that the signature file (.sig or .asc)
> should be the first file given on the command line.
> gpgsm --verify "TrueCrypt Setup 7.1a.exe"
> gpgsm: ksba_cms_parse failed: End of file

I'd consult the OpenSSL manual.

If I parse your quest correctly, you are trying to check the sig of a
Windows binary on some debian system.  Why not ask the TrueCrypt head
honchos about putting up that info as well?

left blank, right bald

More information about the Gnupg-users mailing list