On June 1, 2014 10:45:45 AM PDT, frank ernest <do...@mail.com> wrote: >Hi again, I have been browsing and downloading gpg signed files and I'm >acctually been downloading the sigs! However, I'm having trouble >figuring out who signed what. Is there some way to determin this using >the sig? Perhaps it has the keys fingerpinnt in it or something. For >obvious things like the linux kernel source Linus himself signs it, but >on an old ftp server, serving old now dead projects, who signed what is >not quite so clear. > >Recomendations? > >Thanks Use gpg --verify followed by the sig file. Even if you do not have the public key for the person who signed it, you can fetch it with gpg --recv-keys by using the key ID that gpg --verify gave you (e.g. gpg --recv-keys DEADBEEF) or look up the key on a keyserver.
Cheers, -Paul -- PGP: 3DB6D884 _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users