-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 El 2005-05-31 a las 12:30 +0200, Emiliano Sutil escribió:
Comprueba manualmente si la firma es realmente válida.
Como se hace eso manualmente?
- --> ** DIGITAL SIGNATURE AND DIGEST VERIFICATION The general forms of rpm digital signature commands are rpm --import PUBKEY ... ** rpm {--checksig} [--nosignature] [--nodigest] ** PACKAGE_FILE ... ** The --checksig option checks all the digests and signatures contained in PACKAGE_FILE to ensure the integrity and origin of the package. Note that signatures are now verified whenever a package is read, and --checksig is useful to verify all of the digests and signatures associated with a package. Digital signatures cannot be verified without a public key. An ascii armored public key can be added to the rpm database using --import. An imported public key is carried in a header, and key ring management is performed exactly like package management. For example, all currently imported public keys can be displayed by: rpm -qa gpg-pubkey* Details about a specific public key, when imported, can be displayed by querying. Here's information about the Red Hat GPG/DSA key: rpm -qi gpg-pubkey-db42a60e Finally, public keys can be erased after importing just like packages. Here's how to remove the Red Hat GPG/DSA key rpm -e gpg-pubkey-db42a60e - -- Saludos Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFCnGsgtTMYHG2NR9URAllxAJ9+LcK98WIxyWf/TlRvbfiRnDB9LwCdE5en rm8sUHKRcWhJpomyF1PVUMI= =yuH1 -----END PGP SIGNATURE-----