My apologies. I got this completely wrong.
> On 19 Apr 2023, at 12:28 pm, Peter West via macports-users
> <macports-users@lists.macports.org> wrote:
>
> It is not easy to find the GPG signature. I just had a look around and
> couldn’t find it.
>
> —
> Peter West
> p...@pbw.id.au <mailto:p...@pbw.id.au>
> “Put your finger here, and see my hands; and put out your hand, and place it
> in my side. Do not disbelieve, but believe.” Thomas answered him, “My Lord
> and my God!”
>
>> On 19 Apr 2023, at 11:33 am, Sriranga Veeraraghavan <srira...@berkeley.edu
>> <mailto:srira...@berkeley.edu>> wrote:
>>
>> Hi Dave,
>>
>> In my experience, you shouldn't need anything more than GnuPG 2.x to verify
>> a signature stored in a .asc file. You should be able to verify the
>> signature stored in a .asc file as follows:
>>
>> gpg --verify [.asc file] [.dmg file]
>>
>> This assumes that you have the relevant public key in your GnuPG keychain.
>> If you do not have the relevant key in your keychain, you will need to
>> download it and import it:
>>
>> gpg --import [key file]
>>
>> Best,
>>
>> -ranga
>>
>>> On Apr 18, 2023, at 17:08, dave c via macports-users
>>> <macports-users@lists.macports.org
>>> <mailto:macports-users@lists.macports.org>> wrote:
>>>
>>> I want to verify an installer .dmg file’s signature. I downloaded both
>>> files (installer and signature) from the developer’s site.
>>>
>>> I installed gpg tools and discovered that gpg is looking for a .sig file,
>>> but the signature file available from the developer is an .asc file.
>>>
>>> I won’t describe the rabbit hole I went down of installing other packages
>>> so to install apt-get which requires other packages be installed first…
>>>
>>> I’m not ignorant nor inexperienced using terminal but this time it was just
>>> too far.
>>>
>>> Looking for help to the shortest distance to my goal of verifying a
>>> signature.
>>>
>>> Thanks,
>>> Dave
>>> macOS 10.12.6 Sierra
>>
>
