Help me verify a file...
I am trying to verify the signature of a file. I have downloaded a zip file and a sig file. I have also downloaded the developers Public key and imported into my keychain. I want to verify that the file I downloaded has been signed by the developer.
I then select the file in Finder and bring up the services menu. I then select OpenPGP: Verify Signature of File. A window pops up and I see the result. Figure 1 attached. How do I see the signature?
When I use the command line, I see the details in figure 2.
How do I get the same info as the command line displays? What am I missing or doing wrong?
Thanks
-
Figure1.png
73.1 KB
-
Figure2.png
161 KB
Figure1.png
Figure2.png
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
| ? | Show this help |
|---|---|
| ESC | Blurs the current field |
Comment Form
| r | Focus the comment reply box |
|---|---|
| ^ + ↩ | Submit the comment |
You can use Command ⌘ instead of Control ^ on Mac
Support Staff 1 Posted by Luke Le on 09 Dec, 2017 10:32 PM
Hi,
what particular information are you missing in the UI?
2 Posted by jsfrederick on 17 Dec, 2017 12:18 AM
Well, I do see the RSA key on the command line screen shot. I have not found a way to see that the GPG way.
I may be off base here. I am trying to correlate this to checking MD5 hashes on a file. Is the done very differently in GPG?
Support Staff 3 Posted by Steve on 23 Dec, 2017 12:18 PM
Hi,
the short key ID can be found in brackets in the verification results. The short ID is the last 8 digits of the keys fingerprint.
Verifying a gpg signature is different than verifying a MD5 hash value. MD5 should no longer be used, as it is considered broken (see also: WP).
Does that answer your question?
All the best and enjoy your holidays,
steve
Support Staff 4 Posted by Steve on 23 Dec, 2017 12:46 PM
We have a ticket to display the keys fingerprint (instead of the short key ID) in the verification results window. I connected this discussion with the existing ticket. That means, should this discussion get closed, it will be re-opened as soon as the ticket is closed. That way you'll stay in the loop and get notified as soon as we have news. Feel free to open a new discussions should you run into further problems or need assistance.
5 Posted by jsfrederick on 23 Dec, 2017 04:20 PM
Thank you Steve! That makes it all clear. I've never verified a file with GPG, only MD5. Your link makes sense as to why using GPG is better.
I am ok with closing this ticket if you want. I got the info I wanted. I will watch the other ticket for progress.
Thank you for all the work you do on GPGTools!
Support Staff 6 Posted by Steve on 23 Dec, 2017 04:25 PM
Thank you for your kind words! It's great to hear the work is appreciated.
I'm closing this discussion. Should you need further assistance or have questions you can re-open this discussion here or open a new one any time.
Kindly,
steve
Steve closed this discussion on 23 Dec, 2017 04:25 PM.
Steve closed this discussion on 28 Jan, 2019 02:14 PM.