How to Verify a GPG Signature

This how-to explains a clear, step-by-step, 1-minute process to verify that a file in your possession was digitally signed by a particular GPG Secret Key and has not been modified since the time of signing.

Part 1 of 2:

Downloading What You Need

To verify your belief that someone has signed a file, you will need a copy of that person's Public Key, a copy of the file, and a copy of the signature-file that was allegedly created through the interaction of the person's Secret Key and the file.

  1. Acquire the Public Key.
    1. Import the Public Key into GPG.
  2. Acquire a copy of the file in question.
    1. Save it in a Folder.
  3. Acquire a copy of the signature-file in question.
    1. Save it in the same Folder.
Part 2 of 2:

Using GPG to Verify that someone's Secret Key Signed the File in Question

GPG will help you verify the relationship between your three files.

  1. Open a command-line interface.
    1. Change the working directory to the Folder where your file and signature-file are saved.
  2. Verify the signature.
    1. Type the following command into a command-line interface:
       gpg --verify [signature-file] [file]
    2. E.g., if you have acquired (1) the Public Key 0x416F061063FEE659, (2) the Tor Browser Bundle file (tor-browser.tar.gz), and (3) the signature-file posted alongside the Tor Browser Bundle file (tor-browser.tar.gz.asc), you would type the following:
       gpg --verify tor-browser.tar.gz.asc tor-browser.tar.gz
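
gpg --verify reports a good signature for any key in your keyring, so a script that automates the step above should also confirm which key made the signature. The following is an added example, not part of the original how-to: it reads GnuPG's machine-readable `--status-fd` output and accepts the file only when a VALIDSIG line carries the full fingerprint you expect. The function names `check_status` and `verify_pinned` are made up for this illustration.

```shell
#!/bin/sh
# Added example: pin the signer's full fingerprint instead of trusting the
# human-readable "Good signature" text.

# check_status EXPECTED_FPR
# Reads `gpg --status-fd` lines on stdin. Returns 0 only if a VALIDSIG line
# names EXPECTED_FPR (as signing key or as primary key) and no failure status
# was reported. Returns 2 if EXPECTED_FPR is shorter than a full fingerprint.
check_status() {
    # Normalise "abcd 1234 ..." to "ABCD1234..."
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    # Refuse short key IDs: they do not identify a key uniquely.
    [ "${#expected}" -ge 40 ] || return 2
    awk -v want="$expected" '
        $1 != "[GNUPG:]" { next }
        # Bad, unverifiable, expired or revoked signatures all fail.
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        # VALIDSIG: field 3 is the signing key fingerprint,
        # the last field is the primary key fingerprint.
        $2 == "VALIDSIG" && (toupper($3) == want || toupper($NF) == want) { ok = 1 }
        END { exit (ok && !bad) ? 0 : 1 }
    '
}

# verify_pinned EXPECTED_FPR SIGNATURE_FILE FILE
# Status lines go to stdout (fd 1); gpg's human-readable text is discarded.
verify_pinned() {
    gpg --status-fd 1 --verify "$2" "$3" 2>/dev/null | check_status "$1"
}

# Run directly as: sh verify.sh <full-fingerprint> <signature-file> <file>
if [ "$#" -eq 3 ]; then
    if verify_pinned "$1" "$2" "$3"; then
        echo "OK: valid signature from the pinned key"
    else
        echo "FAILED: no valid signature from the pinned key" >&2
        exit 1
    fi
fi
```

Obtain the full fingerprint from a source other than the site that served the download, and compare it with the output of `gpg --fingerprint` after importing the key.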
Update 05 March 2020