How to determine who signed what

Rejo Zenger rejo at
Mon Jun 2 23:03:54 CEST 2014

++ 01/06/14 19:45 +0200 - frank ernest:
>   Hi again, I have been browsing and downloading gpg signed files and I'm
>   acctually been downloading the sigs! However, I'm having trouble figuring
>   out who signed what. Is there some way to determin this using the sig?
>   Perhaps it has the keys fingerpinnt in it or something. For obvious things
>   like the linux kernel source Linus himself signs it, but on an old ftp
>   server, serving old now dead projects, who signed what is not quite so
>   clear.

I presume this is clear?

  rejo at broop-kidron:~/Downloads$ gpg --verify 
  TorBrowser-3.6.1-osx32_en-US.dmg.asc TorBrowser-3.6.1-osx32_en-US.dmg
  gpg: Signature made Wed May  7 01:36:52 2014 CEST
  gpg:                using RSA key 0x416F061063FEE659
  gpg: Good signature from "Erinn Clark <erinn at>" [full]
  gpg:                 aka "Erinn Clark <erinn at>" [full]
  gpg:                 aka "Erinn Clark <erinn at>" [full]

So, this tells you the (valid) signature has been made with the key 

Does that answer your question?

Rejo Zenger
E rejo at | P +31(0)639642738 | W  
T @rejozenger | J rejo at
OpenPGP   1FBF 7B37 6537 68B1 2532  A4CB 0994 0946 21DB EFD4
XMPP OTR  271A 9186 AFBC 8124 18CF  4BE2 E000 E708 F811 5ACF
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 931 bytes
Desc: not available
URL: </pipermail/attachments/20140602/db024320/attachment.sig>

More information about the Gnupg-users mailing list