Now that I know what it is, searching for "gpg postfix" I keep reading of others who never got it to work (rsa or not discussion etc). I have yet to find a posting of it working.
For myself, my gpg stuff works well for what I use it (Google Apps) but is apparently broken for importing new keys: $ gpg -v --import wietse.pgp gpg: can't open `wietse.pgp': No such file or directory gpg: Total number processed: 0 $ gpg --verify postfix-2.10.0.tar.gz.sig postfix-2.10.0.tar.gz gpg: Signature made Mon 11 Feb 2013 09:19:00 AM MST using RSA key ID C12BCD99 gpg: Can't check signature: public key not found On Mon, Apr 1, 2013 at 2:18 PM, /dev/rob0 <r...@gmx.co.uk> wrote: > On Mon, Apr 01, 2013 at 02:11:53PM -0600, Robert Lopez wrote: > > How do I get the md5sum for postfix-2.10.0.tar.gz out of the > > postfix-2.10.0.tar.gz.sig file? > > The sig file is a GPG signature. Get the public key and verify the > signature: > > gpg postfix-2.10.0.tar.gz.sig > > (with postfix-2.10.0.tar.gz in the same directory) > > You don't need md5sum, in fact, I'd think that the GPG signature > should give you greater assurance than md5sum. > -- > http://rob0.nodns4.us/ -- system administration and consulting > Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: > -- Robert Lopez Unix Systems Administrator Central New Mexico Community College (CNM) 525 Buena Vista SE Albuquerque, New Mexico 87106
