Help me verify a file...

jsfrederick's Avatar

jsfrederick

06 Dec, 2017 01:04 AM

I am trying to verify the signature of a file. I have downloaded a zip file and a sig file. I have also downloaded the developers Public key and imported into my keychain. I want to verify that the file I downloaded has been signed by the developer.

I then select the file in Finder and bring up the services menu. I then select OpenPGP: Verify Signature of File. A window pops up and I see the result. Figure 1 attached. How do I see the signature?

When I use the command line, I see the details in figure 2.

How do I get the same info as the command line displays? What am I missing or doing wrong?

Thanks

  1. Support Staff 1 Posted by Luke Le on 09 Dec, 2017 10:32 PM

    Luke Le's Avatar

    Hi,

    what particular information are you missing in the UI?

  2. 2 Posted by jsfrederick on 17 Dec, 2017 12:18 AM

    jsfrederick's Avatar

    Well, I do see the RSA key on the command line screen shot. I have not found a way to see that the GPG way.

    I may be off base here. I am trying to correlate this to checking MD5 hashes on a file. Is the done very differently in GPG?

  3. Support Staff 3 Posted by Steve on 23 Dec, 2017 12:18 PM

    Steve's Avatar

    Hi,

    the short key ID can be found in brackets in the verification results. The short ID is the last 8 digits of the keys fingerprint.

    Verifying a gpg signature is different than verifying a MD5 hash value. MD5 should no longer be used, as it is considered broken (see also: WP).

    Does that answer your question?

    All the best and enjoy your holidays,
    steve

  4. Support Staff 4 Posted by Steve on 23 Dec, 2017 12:46 PM

    Steve's Avatar

    We have a ticket to display the keys fingerprint (instead of the short key ID) in the verification results window. I connected this discussion with the existing ticket. That means, should this discussion get closed, it will be re-opened as soon as the ticket is closed. That way you'll stay in the loop and get notified as soon as we have news. Feel free to open a new discussions should you run into further problems or need assistance.

  5. 5 Posted by jsfrederick on 23 Dec, 2017 04:20 PM

    jsfrederick's Avatar

    Thank you Steve! That makes it all clear. I've never verified a file with GPG, only MD5. Your link makes sense as to why using GPG is better.

    I am ok with closing this ticket if you want. I got the info I wanted. I will watch the other ticket for progress.

    Thank you for all the work you do on GPGTools!

  6. Support Staff 6 Posted by Steve on 23 Dec, 2017 04:25 PM

    Steve's Avatar

    Thank you for your kind words! It's great to hear the work is appreciated.

    I'm closing this discussion. Should you need further assistance or have questions you can re-open this discussion here or open a new one any time.

    Kindly,
    steve

  7. Steve closed this discussion on 23 Dec, 2017 04:25 PM.

  8. Steve closed this discussion on 28 Jan, 2019 02:14 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac