PG1X WIKI

My Knowledge Base

User Tools

Site Tools


tech:se:pgp:gpg:gpg

GPG

GPG stands for GnuPG, GNU Privacy Guard.

Sign

Detached Signature

Following command generates ASCII based signature SHA512SUMS.gpg of SHA512SUMS. I think most commonly used for software verification checksum files.

gpg --detach-sign --armor --output SHA512SUMS.gpg SHA512SUMS

Import Key

gpg --recv-keys D94AA3F0EFE21092
gpg: key D94AA3F0EFE21092: 2 duplicate signatures removed
gpg: key D94AA3F0EFE21092: 64 signatures not checked due to missing keys
gpg: /home/wnoguchi/.gnupg/trustdb.gpg: trustdb created
gpg: key D94AA3F0EFE21092: public key "Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1

Verify

wnoguchi@hotaru:~/focal$ gpg --verify SHA256SUMS.gpg SHA256SUMS
gpg: Signature made Thu 23 Apr 2020 10:46:21 PM JST
gpg:                using RSA key D94AA3F0EFE21092
gpg: Good signature from "Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 8439 38DF 228D 22F7 B374  2BC0 D94A A3F0 EFE2 1092

Verify SHA256 Checksum

grep ubuntu-20.04-live-server-amd64.iso SHA256SUMS | sha256sum -c
ubuntu-20.04-live-server-amd64.iso: OK

References

tech/se/pgp/gpg/gpg.txt · Last modified: 2020/07/15 11:43 by wnoguchi