How to determine who signed what
Rejo Zenger
rejo at zenger.nl
Mon Jun 2 23:03:54 CEST 2014
++ 01/06/14 19:45 +0200 - frank ernest:
> Hi again, I have been browsing and downloading gpg signed files and I've
> actually been downloading the sigs! However, I'm having trouble figuring
> out who signed what. Is there some way to determine this using the sig?
> Perhaps it has the key's fingerprint in it or something. For obvious things
> like the linux kernel source Linus himself signs it, but on an old ftp
> server, serving old now dead projects, who signed what is not quite so
> clear.
I presume this is clear?
rejo at broop-kidron:~/Downloads$ gpg --verify TorBrowser-3.6.1-osx32_en-US.dmg.asc TorBrowser-3.6.1-osx32_en-US.dmg
gpg: Signature made Wed May 7 01:36:52 2014 CEST
gpg: using RSA key 0x416F061063FEE659
gpg: Good signature from "Erinn Clark <erinn at torproject.org>" [full]
gpg: aka "Erinn Clark <erinn at debian.org>" [full]
gpg: aka "Erinn Clark <erinn at double-helix.org>" [full]
So, this tells you the (valid) signature has been made with the key
0x416F061063FEE659.
Does that answer your question?
--
Rejo Zenger
E rejo at zenger.nl | P +31(0)639642738 | W https://rejo.zenger.nl
T @rejozenger | J rejo at zenger.nl
OpenPGP 1FBF 7B37 6537 68B1 2532 A4CB 0994 0946 21DB EFD4
XMPP OTR 271A 9186 AFBC 8124 18CF 4BE2 E000 E708 F811 5ACF
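Added example, not part of the original message and not GnuPG code: a detached signature names its claimed signer in an "issuer" subpacket, which this sketch reads straight from the signature packet (RFC 4880 layout) without needing the public key. The function names and the SAMPLE packet are constructed for illustration; the issuer field is only a hint for locating the key, and the signer is established only once gpg --verify succeeds against a key you trust.

```python
import base64

def dearmor(text):
    """ASCII-armored .asc text -> binary packets (skips armor headers and CRC line)."""
    lines = [l.strip() for l in text.strip().splitlines()]
    body = lines[lines.index("") + 1:-1]
    return base64.b64decode("".join(l for l in body if not l.startswith("=")))

def read_packet(data):
    """Return (tag, body) of the first packet, RFC 4880 section 4.2."""
    hdr = data[0]
    if hdr & 0x40:                                   # new-format header
        tag, n = hdr & 0x3F, data[1]
        if n < 192: length, off = n, 2
        elif n < 224: length, off = ((n - 192) << 8) + data[2] + 192, 3
        elif n == 255: length, off = int.from_bytes(data[2:6], "big"), 6
        else: raise ValueError("partial body length not supported")
    else:                                            # old-format header
        tag, size = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
        if size == 8: raise ValueError("indeterminate length not supported")
        length, off = int.from_bytes(data[1:1 + size], "big"), 1 + size
    return tag, data[off:off + length]

def subpackets(area):
    """Yield (type, value) for each signature subpacket, section 5.2.3.1."""
    i = 0
    while i < len(area):
        n = area[i]
        if n < 192: length, i = n, i + 1
        elif n < 255: length, i = ((n - 192) << 8) + area[i + 1] + 192, i + 2
        else: length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        yield area[i] & 0x7F, area[i + 1:i + length]  # length counts the type octet
        i += length

def signer_of(sig):
    """Claimed signer of a v4 signature packet; unverified until gpg --verify passes."""
    tag, body = read_packet(sig)
    if tag != 2 or body[0] != 4: raise ValueError("not a version 4 signature packet")
    hlen = int.from_bytes(body[4:6], "big")          # hashed subpacket area length
    ulen = int.from_bytes(body[6 + hlen:8 + hlen], "big")
    info = {}
    for kind, val in [*subpackets(body[6:6 + hlen]), *subpackets(body[8 + hlen:8 + hlen + ulen])]:
        if kind == 2: info["created"] = int.from_bytes(val, "big")     # Unix time
        elif kind == 16: info["key_id"] = val.hex().upper()            # issuer key ID
        elif kind == 33: info["fingerprint"] = val[1:].hex().upper()   # newer GnuPG only
    return info

# Constructed sample: header, v4/RSA/SHA-256, creation time, issuer key ID, dummy hash and MPI.
SAMPLE = bytes.fromhex("881D040001080006050253697214000A0910416F061063FEE659ABCD0008FF")
```

For a real file, pass `dearmor(open(path).read())` to `signer_of`; a 64-bit key ID can be shared by more than one key, so compare the full fingerprint of the key you fetch before trusting a "Good signature" line.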
More information about the Gnupg-users mailing list