GnuPG is a complete and free replacement for PGP. You will use gpg command to validate a GPG certificate. For example, purpose download Apahce-web server tar ball. Visit Apache web site to download latest version of Apache. As usual, use wget command:
$ wget http://www.apache.org/dist/httpd/httpd-2.0.55.tar.gz
Next download gpg key listed next to download link:
$ wget http://www.apache.org/dist/httpd/httpd-2.0.55.tar.gz.asc
How do I verify integrity of the tar ball?
Use gpg command as follows:
$ gpg httpd-2.0.55.tar.gz.asc
Output:
gpg: Signature made Monday 10 October 2005 07:05:15 AM IST using RSA key ID 10FDE075 gpg: Can't check signature: public key not found
You will see an error message 'Can't check signature: public key not found'. It means you need to get the key (called 10FDE075) and install it in your public keyring. You can download key from free public key server such as pgpkeys.mit.edu
$ gpg --keyserver pgpkeys.mit.edu --recv-key 10FDE075
Output:
gpg: requesting key 10FDE075 from hkp server pgpkeys.mit.edu gpg: key 10FDE075: duplicated user ID detected - merged gpg: key 10FDE075: public key "wrowe@covalent.net" imported gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1)
Once the key is installed, use the following command to check the certificate of a source code file/tar ball:
$ gpg --fingerprint 10FDE075
$ gpg --verify httpd-2.0.55.tar.gz.asc httpd-2.0.55.tar.gz
Online References:
- The GNU Privacy Guard
- OpenPGP
- How to create your own GnuPG private/public key pair
- Read more of the Howto: Verify integrity of the tar balls or source code
You should follow me on twitter here or grab rss feed to keep track of new changes.
Featured Articles:
- 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X
- Top 30 Nmap Command Examples For Sys/Network Admins
- 25 PHP Security Best Practices For Sys Admins
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- Top 20 OpenSSH Server Best Security Practices
- Top 20 Nginx WebServer Best Security Practices
- 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
- 15 Greatest Open Source Terminal Applications Of 2012
- My 10 UNIX Command Line Mistakes
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- The Novice Guide To Buying A Linux Laptop
{ 3 comments… read them below or add one }
hello,
you may have to change the switches from “-” to “–” for invoking various opens else the computer complains.
regs,
malvin
Nalvin,
I’ve updated code. Thanks for heads up.
Great article, just what I needed.