Fwd: which program use: gpg or gpgv?

fuflono at aol.com fuflono at aol.com
Tue Jul 4 22:40:17 CEST 2017 

 

 

fuflono at aol.com

 

 

-----Original Message-----
From: fuflono <fuflono at aol.com>
To: gnupg-users <gnupg-users at gnupg.org>
Sent: Mon, Jul 3, 2017 4:01 pm
Subject: which program use: gpg or gpgv?


Hi,
my Debian8.8 has the programs about gpg: 

-rwxr-xr-x  1 root   root    1128700 Sep  3  2016 gpg
-rwxr-xr-x  1 root   root     913236 Sep  3  2016 gpg2
-rwxr-xr-x  1 root   root     334260 Sep  3  2016 gpg-agent
-rwxr-xr-x  1 root   root     148108 Sep  3  2016 gpgconf
-rwxr-xr-x  1 root   root     165508 Sep  3  2016 gpg-connect-agent
-rwxr-xr-x  1 root   root      38144 Sep  3  2016 gpgkey2ssh
-rwxr-xr-x  1 root   root      25908 Sep  3  2016 gpgparsemail
-rwxr-xr-x  1 root   root      59104 Sep  3  2016 gpgsplit
-rwxr-xr-x  1 root   root     407820 Sep  3  2016 gpgv
-rwxr-xr-x  1 root   root       3303 Sep  3  2016 gpg-zip

Are they enough or no, for  verifying integrity of packages?

Also  is  ~/.gnupg
drwx------  2 user user 4096 Aug 13  2016 private-keys-v1.d #it's empty#
-rw-------  1 user user    0 Jun 24 15:34 pubring.gpg
-rw-------  1 user user    0 Jun 28 12:45 secring.gpg
-rw-------  1 user user   40 Jun 30 07:19 trustdb.gpg
user at debian:~/.gnupg$ 

And I don;t know which program use: gpg or gpgv?
------------------------------------------
~/Downloads/screen-4.5.1$ gpg -vv --verify screen-4.5.1.tar.gz.sig screen-4.5.1.tar.gz
gpg: armor: BEGIN PGP SIGNATURE
:signature packet: algo 1, keyid 21F968DEF747ABD7
    version 4, created 1488037815, md5len 0, sigclass 0x00
    digest algo 8, begin of digest 2e ec
    hashed subpkt 33 len 21 (?)
    hashed subpkt 2 len 4 (sig created 2017-02-25)
    subpkt 16 len 8 (issuer key ID 21F968DEF747ABD7)
    data: [4095 bits]
gpg: Signature made Sat 25 Feb 2017 10:50:15 AM EST using RSA key ID F747ABD7
gpg: Can't check signature: public key not found
user at debian:~/Downloads/screen-4.5.1$ 
~/Downloads/screen-4.5.1$ 
--------------------------------------
:~/Downloads/screen-4.5.1$ gpgv -vv screen-4.5.1.tar.gz.sig
gpgv: keyblock resource `/home/user/.gnupg/trustedkeys.gpg': file open error
gpgv: armor: BEGIN PGP SIGNATURE
:signature packet: algo 1, keyid 21F968DEF747ABD7
    version 4, created 1488037815, md5len 0, sigclass 0x00
    digest algo 8, begin of digest 2e ec
    hashed subpkt 33 len 21 (?)
    hashed subpkt 2 len 4 (sig created 2017-02-25)
    subpkt 16 len 8 (issuer key ID 21F968DEF747ABD7)
    data: [4095 bits]
gpgv: no signed data
gpgv: can't hash datafile: file open error
user at debian:~/Downloads/screen-4.5.1$ 
-----------------------------------
I guess don't enough  public keys at me. Please prompt me what to do, and excuse my stupid questions:
While I shall attempt operate with gpg or gpgv, of course there will done some wrong things. May I remove improper files, which will appear? Need I switch on cookies when try get keys? Reminding, me need justl verify screen-4.5.1.tar.gz by  screen-4.5.1.tar.gz.sig ,  I hope learn this program after.
Thanks all.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20170704/2dc3a5e5/attachment.html>

More information about the Gnupg-users mailing list