[SOLVED] PGP-Signatures on SuSE 11.1 DVD: How to use them?
Distribution: openSuSE Tumbleweed-KDE, Mint 21, MX-21, Manjaro
Subject already says all (and I'm aware that this is a stupid question, but I simply failed to turn up anything useful). There is a bunch (key-ring?) of signatures on the DVD I've got but I don't know what to do with them. I want to verify a backup copy of the original, md5sum won't work on directories (so it says) but there is nowhere any explanation how to use those keys. A pointer in the right direction or some nice links would be much appreciated.
Distribution: openSuSE Tumbleweed-KDE, Mint 21, MX-21, Manjaro
Original Poster
Hi Vit77, sorry to be back only this late. I used your suggestion but the (I presume) real purpose was named in this thread: http://www.linuxquestions.org/questi...se-dvd-774931/. In brief, YAST can check the medium's integrity with those gpg keys. Thank you for your help.
<edit 2010-09-22> Here is some more information concerning the general use of gpg for checking file integrity (shamelessly copied from a post of win32sux):
Before you can verify the signature that accompanies a package, you must first have the vendor, organisation, or issuing person's key imported into your public keyring. To prevent GnuPG warning messages the key should also be validated (or locally signed).
You will also need to download the detached signature file along with the package. These files will usually have the same name as the package, with either a binary (.sig) or ASCII armor (.asc) extension.
Once their key has been imported, and the package and accompanying signature files have been downloaded, use:
$ gpg --verify sigfile signed-file
If the signature file has the same base name as the package file, the package can also be verified by specifying just the signature file, as GnuPG will derive the package's file name from the name given (less the .sig or .asc extension). For example, to verify a package named foobar.tar.gz against its detached binary signature file, use:
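An added example, not part of the original post or the text it quotes: shell functions that accept a detached signature only when GnuPG's machine-readable status reports VALIDSIG from a fingerprint you have pinned, using the same .sig/.asc naming rule described above. The function names and the fingerprint argument are assumptions made for illustration; take the fingerprint from a source you trust.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not from the thread).
# Usage: verify_pinned FINGERPRINT SIGFILE

# Derive the signed file's name from the signature's name by dropping
# the .sig (binary) or .asc (ASCII armor) extension.
signed_name() {
    case "$1" in
        *.sig) printf '%s\n' "${1%.sig}" ;;
        *.asc) printf '%s\n' "${1%.asc}" ;;
        *)     return 1 ;;
    esac
}

# Read "gpg --status-fd" lines on stdin. Succeed only if a VALIDSIG line
# names the pinned fingerprint (as signing key or as primary key) and no
# failure status (bad, expired or revoked signature/key) was reported.
status_ok() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" && ($3 == want || $NF == want) { good = 1 }
        END { exit !(good && !bad) }
    '
}

# Verify SIGFILE against the file it names and require the pinned signer.
# Fails closed: no gpg, no status output or a wrong signer all return non-zero.
verify_pinned() {
    data=$(signed_name "$2") || {
        echo "unrecognised signature extension: $2" >&2
        return 2
    }
    gpg --batch --status-fd 1 --verify "$2" "$data" 2>/dev/null |
        status_ok "$1"
}
```

Pinning the fingerprint matters because a plain `gpg --verify` succeeds for a good signature from any key in the keyring, not only the vendor's.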