Share your knowledge at the LQ Wiki.
Go Back > Forums > Linux Forums > Linux - Distributions > SUSE / openSUSE
User Name
SUSE / openSUSE This Forum is for the discussion of Suse Linux.


  Search this Thread
Old 04-07-2009, 08:12 AM   #1
Senior Member
Registered: Apr 2003
Location: Germany
Distribution: openSuSE 42.1_64+Tumbleweed-KDE, Mint 17.3
Posts: 4,045

Rep: Reputation: Disabled
PGP-Signatures on SuSE 11.1 DVD: How to use them?

Subject already says all (and I'm aware that this is a stupid question, but I simply failed to turn up anything useful). There is a bunch (key-ring?) of signatures on the DVD I've got but I don't know what to do with them. I want to verify a backup copy of the original, md5sum won't work on directories (so it says) but there is nowhere any explanation how to use those keys. A pointer in the right direction or some nice links would be much appreiated.

Last edited by JZL240I-U; 04-15-2009 at 04:14 AM.
Old 04-10-2009, 06:50 AM   #2
Registered: Jun 2008
Location: Toronto, Canada
Distribution: SuSE, RHEL, Mageia
Posts: 132

Rep: Reputation: 17

To use these keys you need just this:
gpg --import /media/cdrom/gpg-pubkey-*.asc
gpg --import /media/cdrom/pubring.gpg
However, this will check automatically the packages you are installing only.

To check your media backup, visit
and download the corresponding .md5 or .sha file and check media integrity with this.

Last edited by Vit77; 04-10-2009 at 07:06 AM.
Old 06-04-2010, 06:52 AM   #3
Senior Member
Registered: Apr 2003
Location: Germany
Distribution: openSuSE 42.1_64+Tumbleweed-KDE, Mint 17.3
Posts: 4,045

Original Poster
Rep: Reputation: Disabled
Hi Vit77, sorry to be back only this late. I used your suggestion but the (I presume) real purpose was named in this thread: In brief, YAST can check the medium's integrity with those gpg keys. Thank you for your help.

<edit 2010-09-22> Here is some more information concerning the general use of gpg for checking file integrity (shamelessly copied from a post of win32sux):


<edit2> And this is the exact answer I was looking for:

How do I verify signed packages?

must first have the vendor, organisation, or issueing person's key Before you can verify the signature that accompanies a package, you imported into your public keyring. To prevent GnuPG warning messages the key should also be validated (or locally signed).

You will also need to download the detached signature file along with the package. These files will usually have the same name as the package, with either a binary (.sig) or ASCII armor (.asc) extension.

Once their key has been imported, and the package and accompanying signature files have been downloaded, use:

$ gpg --verify sigfile signed-file

If the signature file has the same base name as the package file, the package can also be verified by specifying just the signature file, as GnuPG will derive the package's file name from the name given (less the .sig or .asc extension). For example, to verify a package named foobar.tar.gz against its detached binary signature file, use:

$ gpg --verify foobar.tar.gz.sig

Last edited by JZL240I-U; 04-06-2011 at 02:26 AM.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
How to get SUSE installation DVD to read from secondary slave DVD drive. Kippax Linux - Hardware 3 06-09-2007 10:37 PM
can't install software from smart pgp key error SuSE 10.1 iroybk SUSE / openSUSE 1 12-13-2006 06:29 PM
Difference between SUSE EVAL DVD and SUSE SRC DVD??? doraimom SUSE / openSUSE 4 01-15-2006 08:24 AM
Every DVD Player Fails to Play DVD Movie in SuSE 9.2 Pro....Please Help ! ! ! bedi-beparwah SUSE / openSUSE 2 03-14-2005 06:08 PM
apt-rpm, SuSE 9.1, and signatures MachineShedFred Linux - Distributions 4 07-28-2004 07:59 AM > Forums > Linux Forums > Linux - Distributions > SUSE / openSUSE

All times are GMT -5. The time now is 06:31 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration