How to Verify a GPG Signature
This how-to explains a clear, step-by-step, 1-minute process to verify that a file in your possession was digitally signed by a particular GPG Secret Key and has not been modified since the time of signing.
Downloading What You Need
To verify your belief that someone has signed a file, you will need a copy of that person's Public Key, a copy of the file, and a copy of the signature-file that was allegedly created through the interaction of the person's Secret Key and the file.
- Acquire the Public Key.
  - Import the Public Key into GPG.
- Acquire a copy of the file in question.
  - Save it in a Folder.
- Acquire a copy of the signature-file in question.
  - Save it in the same Folder.
Using GPG to Verify that someone's Secret Key Signed the File in Question
GPG will help you verify the relationship between your three files.
- Open a command-line interface.
  - Change the working directory to the Folder where your file and signature-file are saved.
- Verify the signature.
  - Type the following command into a command-line interface:
    gpg --verify [signature-file] [file]
  - E.g., if you have acquired
    - (1) the Public Key 0x416F061063FEE659,
    - (2) the Tor Browser Bundle file (tor-browser.tar.gz), and
    - (3) the signature-file posted alongside the Tor Browser Bundle file (tor-browser.tar.gz.asc),
  - You would type the following:
    gpg --verify tor-browser.tar.gz.asc tor-browser.tar.gz
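gpg --verify reports a good signature from any key in your keyring, so the remaining check is that the signer is the particular key you expected. The script below is an added example, not part of the original article: it reads GnuPG's machine-readable --status-fd output and accepts only a valid signature whose fingerprint ends in the expected long key ID. The function names and the sample status lines (zero-padded fingerprint, dates) are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original article). Function names are hypothetical.

# check_status KEYID
#   Reads `gpg --status-fd` lines on stdin. Succeeds only when a VALIDSIG line
#   carries a signing-key or primary-key fingerprint ending in KEYID and no
#   line reports a bad, expired, revoked or unverifiable signature.
check_status() {
    want=$(printf '%s' "${1#0x}" | tr 'a-f' 'A-F')
    case $want in ''|*[!0-9A-F]*) return 2 ;; esac   # not a hex key ID
    [ "${#want}" -ge 16 ] || return 2                # refuse short 32-bit IDs
    awk -v want="$want" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" {
            n = length(want)
            # $3 = fingerprint of the signing key, $NF = primary key fingerprint
            if (substr($3, length($3) - n + 1) == want) ok = 1
            if (substr($NF, length($NF) - n + 1) == want) ok = 1
        }
        END { if (ok && !bad) exit 0; exit 1 }
    '
}

# verify_signed_file KEYID SIGNATURE-FILE FILE
#   Runs the article's `gpg --verify` command and applies check_status to it.
verify_signed_file() {
    gpg --status-fd 1 --verify "$2" "$3" 2>/dev/null | check_status "$1"
}

# Constructed status lines for trying check_status without a keyring. The key
# ID is the one used in the article; the zero padding and dates are made up.
SAMPLE_GOOD='[GNUPG:] GOODSIG 416F061063FEE659 Example Signer
[GNUPG:] VALIDSIG 000000000000000000000000416F061063FEE659 2014-01-01 1388534400 0 4 0 1 8 00 000000000000000000000000416F061063FEE659'
```

Called as verify_signed_file 0x416F061063FEE659 tor-browser.tar.gz.asc tor-browser.tar.gz, an exit status of 0 means the expected key made a valid signature over the file. Passing the full 40-digit fingerprint instead of the 16-digit key ID works the same way and is the stricter comparison.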