LinuxQuestions.org - check software with PGP signature

- Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)

- - check software with PGP signature (https://www.linuxquestions.org/questions/linux-newbie-8/check-software-with-pgp-signature-4175440739/)

check software with PGP signature

Hi,

I was trying to make sure if the dovecot version I have downloaded has not been tampered or anything from the dovecot website.

There is a PGP signature but I have no idea how to check it with PGP signature. I know about md5sum.

I tried to following but not successful.
gpg --keyserver wwwkeys.pgp.net --recv 40558AC9
gpg: requesting key 40558AC9 from hkp server wwwkeys.pgp.net
gpg: keyserver timed out
gpg: keyserver receive failed: keyserver error

Am I doing it the right way?

Thank you

Quote:

Originally Posted by said76 (Post 4845976)

I was trying to make sure if the dovecot version I have downloaded has not been tampered or anything from the dovecot website.

Before you post try to search LQ. If you used a search term like "gpg --verify" you find threads like http://www.linuxquestions.org/questi...nature-137111/ (of course you have to know the switch is called "--verify"). As you post notice the "Similar Threads" section at the bottom of this page which lists threads with a likely similar topic to check. To check the signature use the --verify option (http://www.gnupg.org/gph/en/manual.html#AEN136):

Code:

gpg --verify dovecot-2.0.21.tar.gz.sig dovecot-2.0.21.tar.gz

Quote:

Originally Posted by said76 (Post 4845976)

gpg: keyserver timed out

Try accessing another keyserver like pgp.mit.edu, pool.sks-keyservers.net or subkeys.pgp.net.