GPG




GnuPG, also known as GPG, is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP). GnuPG allows to encrypt and sign your data and communication.

To verify the file signatures, you need to add the signer’s public key to your trusted PGP/GnuPG keyring:
$ gpg –import keyname.asc
and then verify the .asc file
$ gpg -v –verify [.asc file]

Example, verifying the signature of an openvpn file:

ferdy@ConfigNotes:~$ gpg --import security.key.asc 
gpg: /home/ferdy/.gnupg/trustdb.gpg: trustdb created
gpg: key 2F2B01E7: public key "OpenVPN - Security Mailing List <security@openvpn.net>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
gpg: no ultimately trusted keys found

ferdy@ConfigNotes:~$ gpg -v --verify openvpn-2.4.4.tar.gz.asc
gpg: armor header: Version: GnuPG v1
gpg: assuming signed data in `openvpn-2.4.4.tar.gz'
gpg: Signature made Tue 26 Sep 2017 06:19:09 AM PDT using RSA key ID 8CC2B034
gpg: using subkey 8CC2B034 instead of primary key 2F2B01E7
gpg: using PGP trust model
gpg: Good signature from "OpenVPN - Security Mailing List <security@openvpn.net>"
...



Published by

Ferdy Mañago

Portland, Oregon