Verifying text signature

Tyler's Avatar

Tyler

14 Apr, 2017 05:32 PM

Hi,

I am trying to verify a dmg file which i have downloaded. I also have the public key which I have imported into the key chain.
But the only issue is that the signature key doesn't download as a file, instead it opens up into a separate text window in a browser tab.
Ho do I use this to verify?
I have tried putting the dmg file on to desktop and also saving the sig text as a text document and placing in the desktop but verification just keeps coming up failed but I don't think I am doing this right.

Can you help?

Thanks,
Tyler

  1. Support Staff 1 Posted by Steve on 19 Apr, 2017 07:32 PM

    Steve's Avatar

    Hi Tyler,

    welcome to the GPGTools support platform. Sorry you are having problems using GPG Suite.

    The steps are described here: https://gpgtools.tenderapp.com/kb/how-to/how-to-verify-the-download...

    The fact that the signature does not download as a file is a bit odd and you should probably ask the maintainers of the project in question to look if they can find a better way to provide the sig file to their users.

    Saving the signature as txt file is indeed the correct step. After that please rename the text file to TheFileNameOftheFileYouWantToVerify.dmg.sig

    Are you then able to verify the signature?

    Best,
    steve

  2. 2 Posted by Tyler on 20 Apr, 2017 02:44 AM

    Tyler's Avatar

    hi Steve,

    Thanks for your response.

    Unfortunately, renaming the file didn't change the result...

    As suggested I have contacted the maintainer to ask about this.

    Thanks,
    tyler

  3. Support Staff 3 Posted by Steve on 20 Apr, 2017 11:08 AM

    Steve's Avatar

    Ok, keep us posted on what they respond. Also if this is a public download, could you share a link so we can take a closer look?

  4. 4 Posted by Tyler on 21 Apr, 2017 05:08 PM

    Tyler's Avatar

    Ok, will do. Thanks, Steve.

    Not heard anything back just yet but here is the link for qbittorrent which is what I was trying to verify.

    https://www.qbittorrent.org/download.php

    When clicking on to the download link for apple DMG or PSP signature download it goes to Fosshub which is where I downloaded the Mac OSX download and signature below it which just opens text tab.

    If I've done this incorrectly please let me know.

    Thanks,
    Tyler

Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attaching KB article:

»

Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac