It is not easy to find the GPG signature. I just had a look around and couldn’t find it.
— Peter West p...@pbw.id.au “Put your finger here, and see my hands; and put out your hand, and place it in my side. Do not disbelieve, but believe.” Thomas answered him, “My Lord and my God!” > On 19 Apr 2023, at 11:33 am, Sriranga Veeraraghavan <srira...@berkeley.edu> > wrote: > > Hi Dave, > > In my experience, you shouldn't need anything more than GnuPG 2.x to verify a > signature stored in a .asc file. You should be able to verify the signature > stored in a .asc file as follows: > > gpg --verify [.asc file] [.dmg file] > > This assumes that you have the relevant public key in your GnuPG keychain. > If you do not have the relevant key in your keychain, you will need to > download it and import it: > > gpg --import [key file] > > Best, > > -ranga > >> On Apr 18, 2023, at 17:08, dave c via macports-users >> <macports-users@lists.macports.org> wrote: >> >> I want to verify an installer .dmg file’s signature. I downloaded both files >> (installer and signature) from the developer’s site. >> >> I installed gpg tools and discovered that gpg is looking for a .sig file, >> but the signature file available from the developer is an .asc file. >> >> I won’t describe the rabbit hole I went down of installing other packages so >> to install apt-get which requires other packages be installed first… >> >> I’m not ignorant nor inexperienced using terminal but this time it was just >> too far. >> >> Looking for help to the shortest distance to my goal of verifying a >> signature. >> >> Thanks, >> Dave >> macOS 10.12.6 Sierra >
