.Sig use the signature to verify the signature file under Linux
Some Online Resources will also be available for download resource name plus ".sig" as a separate signature file name, to check the integrity of downloaded resources.
To grub for example, the latest version of grub for the current version 2.00, available from ftp://ftp.gnu.org/gnu/grub/ download, there are two files: grub-2.00.tar.gz.sig and grub-2.00 .tar.gz.
Authentication method:
$ gpg --verify grub-2.00.tar.gz.sig grub-2.00.tar.gz
gpg: on June 28, 2012 on Thursday, 08 hours 11 minutes 54 seconds signature CST created using DSA, the key number E82E4209
gpg: Can not check signature: public key can not be found
This shows not find the corresponding public key, and the key will be prompted to verify the current number E82E4209, import the public key based on this number:
$ gpg --recv-keys E82E4209
gpg: download key 'E82E4209', from hkp server keys.gnupg.net
gpg: key E82E4209: public key "Vladimir 'phcoder' Serbinenko <[email protected] >" has been imported
gpg: did not find any absolute trust secret key
GPG: total number to be processed: 1
GPG: imported: 1
$ gpg --verify --verbose grub-2.00.tar.gz.sig grub-2.00.tar.gz
gpg: 2012 June 28 Thursday, 08 hours 11 minutes signature CST created 54 seconds, using DSA, the key number E82E4209
gpg: using PGP trust model
gpg: good signature from "Vladimir 'phcoder' Serbinenko <phcoder @ gmail.com> "
gpg: wARNING: this key is not trusted by the signature verification!
gpg: There was no evidence that the signature belongs to the owner.
Master Key fingerprint: E53D 497F 3FA4 2AD8 C9B4 D1E8 35A9 3B74 E82E 4209
gpg: binary signatures, SHA512 hash algorithm
Some Online Resources will also be available for download resource name plus ".sig" as a separate signature file name, to check the integrity of downloaded resources.
To grub for example, the latest version of grub for the current version 2.00, available from ftp://ftp.gnu.org/gnu/grub/ download, there are two files: grub-2.00.tar.gz.sig and grub-2.00 .tar.gz.
Authentication method:
$ gpg --verify grub-2.00.tar.gz.sig grub-2.00.tar.gz
gpg: on June 28, 2012 on Thursday, 08 hours 11 minutes 54 seconds signature CST created using DSA, the key number E82E4209
gpg: Can not check signature: public key can not be found
This shows not find the corresponding public key, and the key will be prompted to verify the current number E82E4209, import the public key based on this number:
$ gpg --recv-keys E82E4209
gpg: download key 'E82E4209', from hkp server keys.gnupg.net
gpg: key E82E4209: public key "Vladimir 'phcoder' Serbinenko <[email protected] >" has been imported
gpg: did not find any absolute trust secret key
GPG: total number to be processed: 1
GPG: imported: 1
$ gpg --verify --verbose grub-2.00.tar.gz.sig grub-2.00.tar.gz
gpg: 2012 June 28 Thursday, 08 hours 11 minutes signature CST created 54 seconds, using DSA, the key number E82E4209
gpg: using PGP trust model
gpg: good signature from "Vladimir 'phcoder' Serbinenko <phcoder @ gmail.com> "
gpg: wARNING: this key is not trusted by the signature verification!
gpg: There was no evidence that the signature belongs to the owner.
Master Key fingerprint: E53D 497F 3FA4 2AD8 C9B4 D1E8 35A9 3B74 E82E 4209
gpg: binary signatures, SHA512 hash algorithm