我从official website和相关签名下载了rsync 3.1.3,但我无法验证签名。
这不起作用
$ gpg --verify signature.sig rsync.tar.gz
gpg: unknown armor header: Version: GnuPG v1
gpg: Signature made Sun Jan 28 23:57:59 2018 UTC using DSA key ID 4B96A8C5
gpg: Can't check signature: public key not found
我看了this link,所以我尝试了这些命令,而不是工作:
$ gpg --output rsync.tar.gz --decrypt signature.sig
gpg: unknown armor header: Version: GnuPG v1
Detached signature.
Please enter name of data file: rsync.tar.gz
gpg: Signature made Sun Jan 28 23:57:59 2018 UTC using DSA key ID 4B96A8C5
gpg: Can't check signature: public key not found
$ gpg --output rsync.tar.gz --verify signature.sig
gpg: unknown armor header: Version: GnuPG v1
gpg: no signed data
gpg: can't hash datafile: file open error
我该怎么办?
答案 0 :(得分:1)
此处的问题是您已重命名分离签名的文件,原始分离签名的名称与具有附加扩展名的文件相同。
bash-4.4$ ls -l rsync-3.1.3.tar.gz*
-rw-r--r-- 1 ben wheel 905908 29 Jan 10:54 rsync-3.1.3.tar.gz
-rw-r--r-- 1 ben wheel 181 29 Jan 10:58 rsync-3.1.3.tar.gz.asc
bash-4.4$ gpg --verify rsync-3.1.3.tar.gz.asc
gpg: assuming signed data in 'rsync-3.1.3.tar.gz'
gpg: Signature made Mon 29 Jan 10:57:59 2018 AEDT
gpg: using DSA key 0x6C859FB14B96A8C5
gpg: Good signature from "Wayne Davison <wayned@users.sourceforge.net>" [unknown]
gpg: aka "Wayne Davison <wayned@samba.org>" [unknown]
gpg: wayned@samba.org: Verified 1 signature in the past 13 seconds. Encrypted
0 messages.
gpg: wayned@users.sourceforge.net: Verified 1 signature in the past 13 seconds.
Encrypted 0 messages.
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 0048 C8B0 26D4 C96F 0E58 9C2F 6C85 9FB1 4B96 A8C5
bash-4.4$
当保留正确的文件名并对其运行verify命令时,GPG会正确确定签名文件的名称并检查其签名。