On Monday 2006-01-23 at 00:11 -1000, Susemail wrote:
> @linux:~/bin> gpg --import pgadmin3-1.4.1.tar.gz.sig
> gpg: Total number processed: 0
>
> I'm assuming pgadmin3-1.4.1.tar.gz.sig is the signed public key.
>
> This is confusing.
>
> If pgadmin3-1.4.1.tar.gz.sig is not the public key then why isn't the public key in the same directory as pgadmin3-1.4.1.tar.gz.sig and pgadmin3-1.4.1.tar.gz? If pgadmin3-1.4.1.tar.gz.sig is not the public key then what is it? Is there a standard way to find/recognize the public key?

The public key would never be in the same place as the package or file or whatever you want to check. That .sig should be the separate signature of the file: you feed both the file and the .sig to pgp, and it says if the file is intact, authentic, or not - provided you already have the public key.

Where is the public key? I don't know, I haven't looked. It could be obtained from a public key server, for example (like mine). It could be published on a web page. Or you could interchange it in person - that's the best way, and the only one by which you can certify that it is really his, and sign the key (web of trust).

--
Cheers,
       Carlos Robinson
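
An added example, not part of the original message: a detached signature and a public key are both OpenPGP packet streams but begin with different packet types (RFC 4880), which is why `gpg --import` found nothing to process in the .sig. The sketch below names the first packet of a binary or ASCII-armored file; the function names and the sample bytes are constructed for illustration, and clearsigned messages are not handled.

```python
import base64

# Packet tags from RFC 4880 section 4.3 (subset relevant here).
TAGS = {2: "signature", 5: "secret key", 6: "public key",
        13: "user ID", 14: "public subkey"}

def dearmor(data: bytes) -> bytes:
    """Return raw OpenPGP bytes, decoding ASCII armor if present."""
    if not data.lstrip().startswith(b"-----BEGIN PGP "):
        return data                      # already binary
    body, in_body = [], False
    for line in data.strip().splitlines()[1:]:
        line = line.strip()
        if line.startswith(b"-----END PGP ") or (in_body and line.startswith(b"=")):
            break                        # end marker or CRC-24 line
        if in_body:
            body.append(line)
        elif line == b"":
            in_body = True               # armor headers end at the blank line
    return base64.b64decode(b"".join(body))

def first_packet(data: bytes) -> str:
    """Name the first OpenPGP packet in a file (binary or armored)."""
    raw = dearmor(data)
    if not raw or not raw[0] & 0x80:     # bit 7 is set on every packet header
        return "not OpenPGP data"
    first = raw[0]
    # New-format headers keep the tag in bits 5-0, old-format in bits 5-2.
    tag = first & 0x3F if first & 0x40 else (first >> 2) & 0x0F
    return TAGS.get(tag, f"other packet (tag {tag})")

def importable(data: bytes) -> bool:
    """Only key packets give `gpg --import` something to process."""
    return first_packet(data) in ("public key", "secret key")

def armor(kind: bytes, raw: bytes) -> bytes:
    """Wrap bytes in ASCII armor (no CRC line) to build sample input."""
    return (b"-----BEGIN PGP " + kind + b"-----\nVersion: constructed\n\n"
            + base64.b64encode(raw) + b"\n-----END PGP " + kind + b"-----\n")

# Constructed header stubs, not real signatures or keys.
SIG_STUB = bytes([0x88, 0x03, 0x03, 0x00, 0x00])        # old format, tag 2
KEY_STUB = bytes([0x99, 0x00, 0x03, 0x04, 0x00, 0x00])  # old format, tag 6

if __name__ == "__main__":
    for name, blob in [("file.sig", armor(b"SIGNATURE", SIG_STUB)),
                       ("key.asc", armor(b"PUBLIC KEY BLOCK", KEY_STUB))]:
        print(name, "->", first_packet(blob), "| importable:", importable(blob))
```

Once the signer's public key has been obtained and imported, the check described in the reply is `gpg --verify pgadmin3-1.4.1.tar.gz.sig pgadmin3-1.4.1.tar.gz`.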