Re: Verify a file signature

My apologies. I got this completely wrong. > On 19 Apr 2023, at 12:28 pm, Peter West via macports-users > wrote: > > It is not easy to find the GPG signature. I just had a look around and > couldn’t find it. > > — > Peter West > p...@pbw.id.au > “Put your finger here,

Re: Verify a file signature

Hi Dave, I think this message means that although the signature appears valid, GnuPG doesn't trust the signature because you have not signed the Tor project's key with your key. Assuming you have your own key, you should be able to sign the Tor project's key with your key as follows: gpg --

Re: Verify a file signature

Hello Ranga, Thank you for your post! Results were successful! However… gpg: Good signature from "Tor Browser Developers (signing key) " [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner.

Re: Verify a file signature

It is not easy to find the GPG signature. I just had a look around and couldn’t find it. — Peter West p...@pbw.id.au “Put your finger here, and see my hands; and put out your hand, and place it in my side. Do not disbelieve, but believe.” Thomas answered him, “My Lord and my God!” > On 19 Apr

Re: Verify a file signature

Hi Dave, In my experience, you shouldn't need anything more than GnuPG 2.x to verify a signature stored in a .asc file. You should be able to verify the signature stored in a .asc file as follows: gpg --verify [.asc file] [.dmg file] This assumes that you have the relevant public key in your

Verify a file signature

I want to verify an installer .dmg file’s signature. I downloaded both files (installer and signature) from the developer’s site. I installed gpg tools and discovered that gpg is looking for a .sig file, but the signature file available from the developer is an .asc file. I won’t describe the r