gpg校验文件

茹正祥

2023-12-01

# cd /usr/ports/security/gnupg

# make install distclean

就可以在FreeBSD里安装好gnupg了。

测试：

# fetch http://apache.freelamp.com/httpd/binaries/win32/apache_2.2.14-win32-x86-openssl-0.9.8k.msi

# fetch http://www.apache.org/dist/httpd/binaries/win32/apache_2.2.14-win32-x86-openssl-0.9.8k.msi.asc

# gpg --verify apache_2.2.14-win32-x86-openssl-0.9.8k.msi.asc

gpg: Signature made Tue Sep 29 12:02:36 2009 CST using RSA key ID 7F7214A7
gpg: Can't check signature: No public key
这是没有导入公钥ID为7F7214A7的公钥造成的，所以要先导入公钥。
# gpg --recv-keys 7F7214A7

gpg: requesting key 7F7214A7 from hkp server keys.gnupg.net
gpg: key B55D9977: public key "William A. Rowe, Jr. < wrowe@rowe-clan.net >" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)

导入好后，再校验就可以了。

# gpg --verify apache_2.2.14-win32-x86-openssl-0.9.8k.msi.asc

gpg: Signature made Tue Sep 29 12:02:36 2009 CST using RSA key ID 7F7214A7
gpg: Good signature from "William A. Rowe, Jr. < wrowe@rowe-clan.net >"
gpg:                 aka "William A. Rowe, Jr. < wrowe@apache.org >"
gpg:                 aka "William A. Rowe, Jr. < william.rowe@springsource.com >"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: B1B9 6F45 DFBD CCF9 7401 9235 193F 180A B55D 9977
     Subkey fingerprint: 4962 0827 E32B C882 DC6B EF54 A348 B984 7F72 14A7

有 “WARNING: This key is not certified with a trusted signature!” 这样的警告，意指这个 key 没有信任签名。
基本上你可以忽略这条信息。但如果你看着觉得不舒服，那就加上信任签名。当然了，首要前提是你确定这个 key 是绝对信得过的。

# gpg --edit-key 7F7214A7
gpg (GnuPG) 2.0.11; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

pub 4096R/B55D9977 created: 2008-04-09 expires: 2018-07-07 usage: SC
                     trust: unknown       validity: unknown
sub 4096R/CB9B9EC5 created: 2008-04-09 expired: 2009-07-03 usage: S
sub 4096R/C10FE28B created: 2008-04-09 expired: 2009-07-03 usage: E
sub 4096R/7F7214A7 created: 2009-07-09 expires: 2011-07-09 usage: S
sub 4096R/7715D89C created: 2009-07-09 expires: 2011-07-09 usage: E
sub 4096g/FF1392F5 created: 2008-04-09 expired: 2009-07-03 usage: E
sub 4096g/FCDC8C20 created: 2009-07-09 expires: 2011-07-09 usage: E
[ unknown] (1). William A. Rowe, Jr. <wrowe@rowe-clan.net >
[ unknown] (2) William A. Rowe, Jr. <wrowe@apache.org >
[ unknown] (3) William A. Rowe, Jr. <william.rowe@springsource.com >

Command> trust
pub 4096R/B55D9977 created: 2008-04-09 expires: 2018-07-07 usage: SC
                     trust: unknown       validity: unknown
sub 4096R/CB9B9EC5 created: 2008-04-09 expired: 2009-07-03 usage: S
sub 4096R/C10FE28B created: 2008-04-09 expired: 2009-07-03 usage: E
sub 4096R/7F7214A7 created: 2009-07-09 expires: 2011-07-09 usage: S
sub 4096R/7715D89C created: 2009-07-09 expires: 2011-07-09 usage: E
sub 4096g/FF1392F5 created: 2008-04-09 expired: 2009-07-03 usage: E
sub 4096g/FCDC8C20 created: 2009-07-09 expires: 2011-07-09 usage: E
[ unknown] (1). William A. Rowe, Jr. <wrowe@rowe-clan.net >
[ unknown] (2) William A. Rowe, Jr. <wrowe@apache.org >
[ unknown] (3) William A. Rowe, Jr. <william.rowe@springsource.com >

Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu

Your decision? 5 (选5才是绝对信任)
Do you really want to set this key to ultimate trust? (y/N) y

pub 4096R/B55D9977 created: 2008-04-09 expires: 2018-07-07 usage: SC
                     trust: ultimate      validity: unknown
sub 4096R/CB9B9EC5 created: 2008-04-09 expired: 2009-07-03 usage: S
sub 4096R/C10FE28B created: 2008-04-09 expired: 2009-07-03 usage: E
sub 4096R/7F7214A7 created: 2009-07-09 expires: 2011-07-09 usage: S
sub 4096R/7715D89C created: 2009-07-09 expires: 2011-07-09 usage: E
sub 4096g/FF1392F5 created: 2008-04-09 expired: 2009-07-03 usage: E
sub 4096g/FCDC8C20 created: 2009-07-09 expires: 2011-07-09 usage: E
[ unknown] (1). William A. Rowe, Jr. <wrowe@rowe-clan.net >
[ unknown] (2) William A. Rowe, Jr. <wrowe@apache.org >
[ unknown] (3) William A. Rowe, Jr. <william.rowe@springsource.com >
Please note that the shown key validity is not necessarily correct
unless you restart the program.

Command> save
Key not changed so no update needed.
然后再校验一次。

# gpg --verify apache_2.2.14-win32-x86-openssl-0.9.8k.msi.asc

gpg: Signature made Tue Sep 29 12:02:36 2009 CST using RSA key ID 7F7214A7
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid:   1 signed:   0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2018-07-07
gpg: Good signature from "William A. Rowe, Jr. <wrowe@rowe-clan.net >"
gpg:                 aka "William A. Rowe, Jr. <wrowe@apache.org >"
gpg:                 aka "William A. Rowe, Jr. <william.rowe@springsource.com >"

这次没警告信息了。

gpg校验文件

相关阅读

相关文章

相关问答

相关文档