.sig 签名文件怎么使用 |
您所在的位置:网站首页 › linux gpg解压 › .sig 签名文件怎么使用 |
.sig 签名文件怎么使用
|
网上下载时经常看到会同时出现一个 .sig 签名文件,或者 gpg 公钥,只知道他是用来验证下载包(.deb,.rpm…)的完整性的,不怎么注意,今天尝试了解他到底怎么用的时候,还费了一些周折! 正好准备学习ClamAV ,就以 https://www.clamav.net/downloads 为例
我这里是 ubuntu 20.04 ,自然是下载 .deb ,同时也下载了那个 .deb.sig $ ls clamav-0.104.2.linux.x86_64.deb clamav-0.104.2.linux.x86_64.deb.sig其中 .deb.sig 就是 .deb包的签名公钥 gpg在线手册 验证签名 $ gpg --verify clamav-0.104.2.linux.x86_64.deb gpg: no valid OpenPGP data found. gpg: the signature could not be verified. Please remember that the signature file (.sig or .asc) should be the first file given on the command line.用法错误!第一个参数应该是 .sig 签名文件 $ gpg --verify clamav-0.104.2.linux.x86_64.deb.sig clamav-0.104.2.linux.x86_64.deb gpg: Signature made Tue 11 Jan 2022 10:23:08 PM CST gpg: using RSA key 609B024F2B3EDD07 gpg: Can’t check signature: No public key 还是不对!没有公钥? 在公钥服务器上搜寻密钥 $ gpg --search-keys 609B024F2B3EDD07 gpg: data source: https://keys.openpgp.org:443 gpg: key "609B024F2B3EDD07" not found on keyserver gpg: keyserver search failed: Not found找不到 609B024F2B3EDD07 对应的公钥? 从公钥服务器上导入密钥 $ sudo gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 609B024F2B3EDD07 有人说会有端口问题? $ sudo gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 609B024F2B3EDD07 [sudo] password for dhbm: gpg: directory '/root/.gnupg' created gpg: keybox '/root/.gnupg/pubring.kbx' created gpg: /root/.gnupg/trustdb.gpg: trustdb created gpg: key 609B024F2B3EDD07: public key "Talos (Talos, Cisco Systems Inc.) " imported gpg: Total number processed: 1 gpg: imported: 1重复执行不会变化,不影响! $ sudo gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 609B024F2B3EDD07 gpg: key 609B024F2B3EDD07: "Talos (Talos, Cisco Systems Inc.) " not changed gpg: Total number processed: 1 gpg: unchanged: 1再次验证 但是为什么验证还是不行? 注意看以上 --recv-keys 的时候加上了 sudo ,返回在 /root/.gnupg/trustdb.gpg 所以,gpg --verify 自然也应该加上 sudo ! $ sudo gpg --verify clamav-0.104.2.linux.x86_64.deb.sig gpg: assuming signed data in 'clamav-0.104.2.linux.x86_64.deb' gpg: Signature made Tue 11 Jan 2022 10:23:08 PM CST gpg: using RSA key 609B024F2B3EDD07 gpg: Good signature from "Talos (Talos, Cisco Systems Inc.) " [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: E34D B95B 374B 3157 0496 CD3F 609B 024F 2B3E DD07$ sudo gpg --verify clamav-0.104.2.linux.x86_64.deb.sig clamav-0.104.2.linux.x86_64.deb gpg: Signature made Tue 11 Jan 2022 10:23:08 PM CST gpg: using RSA key 609B024F2B3EDD07 gpg: Good signature from "Talos (Talos, Cisco Systems Inc.) " [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: E34D B95B 374B 3157 0496 CD3F 609B 024F 2B3E DD07这就 ok !下载的 .deb 包可以放心解压安装! 顺便学习一下 gpg 命令 列出密钥 $ sudo gpg --list-keys |grep 609B024F2B3EDD07 E34DB95B374B31570496CD3F609B024F2B3EDD07列出密钥和签名 $ sudo gpg --list-sigs | grep 609B024F2B3EDD07 E34DB95B374B31570496CD3F609B024F2B3EDD07 sig 3 609B024F2B3EDD07 2021-03-30 Talos (Talos, Cisco Systems Inc.) sig 609B024F2B3EDD07 2021-03-30 Talos (Talos, Cisco Systems Inc.) dhbm@ubuntu2004-205:~/test$ sudo gpg --list-sigs |grep $ sudo gpg --list-keys |grep 609B024F2B3EDD07 |
【本文地址】
今日新闻 |
推荐新闻 |