How to verify signature using .sig file
因为前段时间学关于Opengpg 的缘故,现贴一个校验总结。
C:\Users\Administrator>gpg2 --verify archlinux-2014.06.01-dual.iso.sig
gpg: Signature made 06/01/14 23:55:33 中国标准时间 using RSA key ID 9741E8AC
gpg: Can’t check signature: No public key
`C:\Users\Administrator>gpg2 —no-default-keyring -keyring keya.gpg archlinux-20
4.06.01-dual.iso.sig`
gpg: conflicting commands
C:\Users\Administrator>gpg2 --berify --verbose keya.gpg archlinux-2014.06.01-dul.iso.sig
gpg: invalid option “—berify”
`C:\Users\Administrator>gpg2 —verify —verbose keya.gpg archlinux-2014.06.01-du
l.iso.sig`
gpg: armor header: Version: GnuPG v2.0.22 (MingW32)gpg: verify signatures failed: Unexpected error
`C:\Users\Administrator>gpg —verify —verbose —keyring keya.gpg ./archlinux-20
2.10.06-dual.iso.sig`
gpg: keyblock resource `C:/Users/Administrator/AppData/Roaming/gnupg/keya.gpg’:
No such file or directory
gpg: can’t open `./archlinux-2012.10.06-dual.iso.sig’: Invalid argument
gpg: verify signatures failed: Invalid argument
`C:\Users\Administrator>gpg2 —verify —verbose —keyring keya.gpg archlinux-201
.06.01-dual.iso.sig`
gpg: keyblock resource `C:/Users/Administrator/AppData/Roaming/gnupg/keya.gpg’:
No such file or directory
gpg: assuming signed data in `archlinux-2014.06.01-dual.iso’
gpg: Signature made 06/01/14 23:55:33 中国标准时间 using RSA key ID 9741E8AC
gpg: using PGP trust model
gpg: Good signature from “Pierre Schmitz pierre@archlinux.de“
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 4AA4 767B BC9C 4B1D 18AE 28B7 7F2D 434B 9741 E8AC
gpg: binary signature, digest algorithm SHA1