There’re hundreds of public keyservers around the world. This is more secure because the public key is imported from a public key server, which by default is set to hkp:// in ~/.gnupg/gpg.conf file. Then display the fingerprint with: gpg -fingerprint Īnd compare the fingerprint from output with the one published on website. Note that if the software author tells you his/her public key ID on the website, then you can import the public key with the following command, so you don’t have to manually download the PGP public key and import it to your keyring. Importing Public Key from a Trusted Source If GPG tells you it’s a bad signature, then the software installer was tampered with or corrupted.
0 Comments
Leave a Reply. |