checking of signatures
Paul Howarth
paul at city-fan.org
Tue Mar 15 11:03:22 UTC 2005
Ankush Grover wrote:
> I have downloaded the postfix from the postfix.org site.There is a
> file called postfix-2.2.0.tar.gz.sig i know that it contains the
> signature for the file against which i have to check
> postfix-2.2.0.tar.gz. If the signature matches means there is no
> problem in the downloaded file.
>
> But I don't know how to check the signatures.
$ gpg --verify postfix-2.2.0.tar.gz.sig postfix-2.2.0.tar.gz
> Morever sometimes rpm files also have signature checking please tell
> me the procedure for checking those downloaded files also means if I
> have downloaded a software there is also a signature file with that
> software how do i check that downloaded software against the signature
> file.
$ rpm --checksig some.rpm
You need to have already imported the GPG public key of whoever signed
the package first though.
Paul.
More information about the fedora-list
mailing list