无法验证pgp签名

时间:2018-03-28 09:34:56

标签: signature gnupg

我从official website和相关签名下载了rsync 3.1.3,但我无法验证签名。

这不起作用

$ gpg --verify signature.sig rsync.tar.gz 
gpg: unknown armor header:  Version: GnuPG v1
gpg: Signature made Sun Jan 28 23:57:59 2018 UTC using DSA key ID 4B96A8C5
gpg: Can't check signature: public key not found

我看了this link,所以我尝试了这些命令,而不是工作:

$ gpg --output rsync.tar.gz --decrypt signature.sig 
gpg: unknown armor header:  Version: GnuPG v1
Detached signature.
Please enter name of data file: rsync.tar.gz 
gpg: Signature made Sun Jan 28 23:57:59 2018 UTC using DSA key ID 4B96A8C5
gpg: Can't check signature: public key not found

$ gpg --output rsync.tar.gz --verify signature.sig 
gpg: unknown armor header:  Version: GnuPG v1
gpg: no signed data
gpg: can't hash datafile: file open error

我该怎么办?

1 个答案:

答案 0 :(得分:1)

此处的问题是您已重命名分离签名的文件,原始分离签名的名称与具有附加扩展名的文件相同。

bash-4.4$ ls -l rsync-3.1.3.tar.gz*
-rw-r--r--  1 ben  wheel  905908 29 Jan 10:54 rsync-3.1.3.tar.gz
-rw-r--r--  1 ben  wheel     181 29 Jan 10:58 rsync-3.1.3.tar.gz.asc
bash-4.4$ gpg --verify rsync-3.1.3.tar.gz.asc 
gpg: assuming signed data in 'rsync-3.1.3.tar.gz'
gpg: Signature made Mon 29 Jan 10:57:59 2018 AEDT
gpg:                using DSA key 0x6C859FB14B96A8C5
gpg: Good signature from "Wayne Davison <wayned@users.sourceforge.net>" [unknown]
gpg:                 aka "Wayne Davison <wayned@samba.org>" [unknown]
gpg: wayned@samba.org: Verified 1 signature in the past 13 seconds.  Encrypted
     0 messages.
gpg: wayned@users.sourceforge.net: Verified 1 signature in the past 13 seconds.
     Encrypted 0 messages.
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 0048 C8B0 26D4 C96F 0E58  9C2F 6C85 9FB1 4B96 A8C5
bash-4.4$ 

当保留正确的文件名并对其运行verify命令时,GPG会正确确定签名文件的名称并检查其签名。