From gpg4win-users-en Tue Nov 28 17:47:10 2023 From: Bernhard Reiter Date: Tue, 28 Nov 2023 17:47:10 +0000 To: gpg4win-users-en Subject: Re: [Gpg4win-users-en] verify Message-Id: <202311281847.22891.bernhard () intevation ! de> X-MARC-Message: https://marc.info/?l=gpg4win-users-en&m=170119363419910 MIME-Version: 1 Content-Type: multipart/mixed; boundary="--===============2579104686714983992==" --===============2579104686714983992== Content-Type: multipart/signed; boundary="nextPart1900352.xSJFqSSzeA"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit --nextPart1900352.xSJFqSSzeA Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Am Dienstag 28 November 2023 17:55:19 schrieb Frank Esposito: > thanks for the info ---- I am new to all this and it quite overwhelming > just to verify a file ---- =20 =46or the Gpg4win*.exe download, you don't, just check the code signature. = :) Otherwise you do it from the explorer, right click and select verify on the signature. If you want to do it on the command line as an exercise: > from the syntax of --verify how is the=20 > public key found/referenced? The public key (short "pubkey") is imported earlier and then is found in yo= ur=20 local key storage. So it is just gpg --verify FILENAME after you did an gpg --fetch https://gnupg.org/signature_key.asc Or you download https://gnupg.org/signature_key.asc and=20 gpg --import signature_key.as If you want to see more about what is happening, you can add an `-v` after= =20 the 'gpg`, like=20 gpg -v --fetch https://gnupg.org/signature_key.asc Best Regards, Bernhard =2D-=20 https://intevation.de/~bernhard =C2=A0 +49 541 33 508 3-3 Intevation GmbH, Osnabr=C3=BCck, DE; Amtsgericht Osnabr=C3=BCck, HRB 18998 Gesch=C3=A4ftsf=C3=BChrer: Frank Koormann, Bernhard Reiter --nextPart1900352.xSJFqSSzeA Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- iQGzBAABCgAdFiEEvdlX+cT+D9xYPc1tK3ujv5vDpVQFAmVmJ58ACgkQK3ujv5vD pVRDXgv+I+vbDCsVqhZqnwgQHKAI5qni+81XTZekBkF1HGoIoEWbComzqLHwPabO HtPoK9XAoWPHFM7BuGC1jAc1z4s6fXAfZ1xrKqCUwMeM7KsojmjKG3MHY3ys6vR9 6pI2wRVYaF2lDgWZpAqNjgLfksgLbmHQWls961lOXBT2K67eFU0cya8efg+FGisK 7LnuEMqQmjZ+bwtD8+RZIxzNfsev7iilLB4vVfzajr/ihr8lc1iOsKoztgzU2o87 OAhbEILp5BrAJrlAWBC/zDl9Pd11eUSqbyhFCWGdixA4Z9QECLN4OJoTkkZ1Byv5 MGUsEgsIl7mZnrfKZ1kndOnxHwDgoD40WOIzRdCglsZw75Vu0/6Tx7EMUW+tHsKl Wf0CAp1X9IOf53r7Ic44tMoenHav6/Dnkbe81IDitlY6OKjXvqoWV6oXWvZ/r8Fp rSCJRcNiRxr3Ld6gNC/9umf4AkRblXSkzeDy+GgjKTqo3Oqg8564qlWQLrkBpcWh UWcYRFTf =dnGo -----END PGP SIGNATURE----- --nextPart1900352.xSJFqSSzeA-- --===============2579104686714983992== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KR3BnNHdpbi11 c2Vycy1lbiBtYWlsaW5nIGxpc3QKR3BnNHdpbi11c2Vycy1lbkB3YWxkLmludGV2YXRpb24ub3Jn Cmh0dHBzOi8vbGlzdHMud2FsZC5pbnRldmF0aW9uLm9yZy9jZ2ktYmluL21haWxtYW4vbGlzdGlu Zm8vZ3BnNHdpbi11c2Vycy1lbg== --===============2579104686714983992==--