LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 02-08-2007, 11:28 PM   #1
isuck@linux
Member
 
Registered: Jun 2006
Distribution: messed up debian
Posts: 250

Rep: Reputation: 30
how to verify signature without .sig file


I wonder how do I verify signatures in cases like this one, http://www.balabit.com/downloads/syslog-ng/2.0/src/ only have the following files to download:

syslog-ng-2.0.0.tar.gz File 329.64k 10/28/2006
syslog-ng-2.0.0.tar.gz.asc File 191 10/28/2006
syslog-ng-2.0.1.tar.gz File 340.35k 12/22/2006
syslog-ng-2.0.1.tar.gz.asc File 189 12/22/2006
syslog-ng-2.0.2.tar.gz File 344.24k 01/29/2007
syslog-ng-2.0.2.tar.gz.asc ..............

that's the general idea. I've seen it in a couple of websites already, how do I get the .sig file so I can verify the signature with the .asc file. How do I verify the signature if they only provide the .asc file but not the .sig file. thanks.
 
Old 02-09-2007, 12:14 AM   #2
isuck@linux
Member
 
Registered: Jun 2006
Distribution: messed up debian
Posts: 250

Original Poster
Rep: Reputation: 30
I knew would be an stupid question, just in case someone else wonder how to do it, I paste the answer here

-----> gpg --verify syslog-ng-2.0.2.tar.gz.asc syslog-ng-2.0.2.tar.gz
gpg: Signature made Mon 29 Jan 2007 03:20:17 AM MST using DSA key ID ADCF4138
gpg: Can't check signature: public key not found

-----> gpg --keyserver pgp.mit.edu --recv-keys ADCF4138
gpg: requesting key ADCF4138 from hkp server pgp.mit.edu
gpg: key ADCF4138: public key "Balazs Scheidler <bazsi@balabit.hu>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1

------>gpg --verify syslog-ng-2.0.2.tar.gz.asc syslog-ng-2.0.2.tar.gz
gpg: Signature made Mon 29 Jan 2007 03:20:17 AM MST using DSA key ID ADCF4138
gpg: Good signature from "Balazs Scheidler <bazsi@balabit.hu>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 8038 B76C B92A 661D E4EF 222D B613 44D0 ADCF 4138
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How to verify signature ? visu Linux - Newbie 5 05-07-2009 05:25 PM
How to verify wether it is a dos or unix file sathish80 Linux - Newbie 1 03-22-2006 11:34 PM
Using Kgpg, how to verify signature gljubuncic Linux - Software 2 05-14-2005 01:31 PM
How to use a *.sig file? jerryvb Linux - General 2 11-26-2004 12:03 PM
Program to open .sig file marlaina1 Linux - General 2 12-27-2003 12:13 AM


All times are GMT -5. The time now is 11:46 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration