sig help
Faramir
faramir.cl at gmail.com
Mon Dec 8 19:32:52 CET 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
REX NUFER escribió:
> I’m trying to download and install GPG. I’ve downloaded the files I
> need. The readme’s all say I should verify the file by running
> sha1sum.exe against the tar files I’ve downloaded. They say to use the
> value in the *.sig file to compare the output against. But I can’t read
> the *.sig file. How to I view that file? Does it need to be converted
> in some way? Thanks in advance.
Hello
Sha1sum.exe would calculate the sha1 hash value for the tar file.
BUT the *.sig file, is not a sha1 hash, it is a GnuPG signature for the
tar file, so you would need GPG to check the tar file against the
signature file... The *.sig file is useful in case you are upgrading GPG
, or if you have access to a computer with gpg already installed on it.
If this is not the case, then you can't check the tar file by using the
*sig file, and you must look for the hash value to compare with the
sha1sum.exe file...
Take a look at http://www.gnupg.org/download/integrity_check.en.html
There are the instructions about checking the downloaded package, and
also a list of files and sha1 values to compare.
Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQEcBAEBCAAGBQJJPWhUAAoJEMV4f6PvczxAX80IAIR4n8cJSdATsNo0h2dz+cBY
ogcZB8HAKZhs2+NeqUw+7HIGcIrDzLsq05KwLuvzRYDKyXSsyCWqJMjBRViwD18u
a7Ofzd2m0W2BcpFR8fe9sydhb/FCfHlcR1I86/oEJYvM6BpSXz2N6ppORQm6G9di
pggbZPt9pkjujwChTM2jsWp4Lud5xvfeD/4vveYCl7AdZ7p167dWDbHpIc6fPLLg
vwXfSm3HaQ5720wcZGkNFaNuoQ7PiZB9JegwYMSwxbf2H37MdcSpI5SqPa39+HkT
WmOkjmYeD8LyTUlZfvx+cRYkCvz43q879I3hS/wIAPp4XoqRxxjPuhYE7ZrzZzg=
=8w8k
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list