Verify a file signature
Peter West
pbw at pbw.id.au
Wed Apr 19 02:28:10 UTC 2023
It is not easy to find the GPG signature. I just had a look around and couldn’t find it.
—
Peter West
pbw at pbw.id.au
“Put your finger here, and see my hands; and put out your hand, and place it in my side. Do not disbelieve, but believe.” Thomas answered him, “My Lord and my God!”
> On 19 Apr 2023, at 11:33 am, Sriranga Veeraraghavan <sriranga at berkeley.edu> wrote:
>
> Hi Dave,
>
> In my experience, you shouldn't need anything more than GnuPG 2.x to verify a signature stored in a .asc file. You should be able to verify the signature stored in a .asc file as follows:
>
> gpg --verify [.asc file] [.dmg file]
>
> This assumes that you have the relevant public key in your GnuPG keychain. If you do not have the relevant key in your keychain, you will need to download it and import it:
>
> gpg --import [key file]
>
> Best,
>
> -ranga
>
>> On Apr 18, 2023, at 17:08, dave c via macports-users <macports-users at lists.macports.org> wrote:
>>
>> I want to verify an installer .dmg file’s signature. I downloaded both files (installer and signature) from the developer’s site.
>>
>> I installed gpg tools and discovered that gpg is looking for a .sig file, but the signature file available from the developer is an .asc file.
>>
>> I won’t describe the rabbit hole I went down of installing other packages so to install apt-get which requires other packages be installed first…
>>
>> I’m not ignorant nor inexperienced using terminal but this time it was just too far.
>>
>> Looking for help to the shortest distance to my goal of verifying a signature.
>>
>> Thanks,
>> Dave
>> macOS 10.12.6 Sierra
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macports.org/pipermail/macports-users/attachments/20230419/ae089070/attachment.htm>
More information about the macports-users
mailing list