如何使用 GPG 验证 PgAdmin 二进制文件的 ASC 签名?
How to use GPG to verify ASC signature of PgAdmin binary?
如何使用 GPG 验证 PgAdmin 二进制文件的 ASC 签名?
这是我正在验证的二进制文件:https://ftp.postgresql.org/pub/pgadmin/pgadmin4/v3.3/macos/pgadmin4-3.3.dmg
这是我使用的签名:
https://ftp.postgresql.org/pub/pgadmin/pgadmin4/v3.3/macos/pgadmin4-3.3.dmg.asc
我从 this 服务器故障答案中遵循的步骤:
- 将二进制文件下载到 ~/Downloads
导入签名
$ gpg --import pgadmin4-3.3.dmg.asc
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
那没有用,所以我尝试使用 ASC 进行验证
gpg --verify pgadmin4-3.3.dmg.asc pgadmin4-3.3.dmg
gpg: Signature made Mon Sep 3 03:27:56 2018 MDT
gpg: using RSA key E8697E2EEF76C02D3A6332778881B2A8210976F2
gpg: Can't check signature: No public key
- 那也没用。我需要额外的文件吗?
通过电子邮件发送邮件列表(应该从那里开始)后,我收到了以下内容 URL:https://pgp.mit.edu/pks/lookup?op=get&search=0x8881B2A8210976F2
其中包含以下文本,已成功导入:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.6
Comment: Hostname: pgp.mit.edu
mQINBFtyz58BEACgKbtY59R0mxs8rWJNAn1BWNXwhuTvELNCV6gZkMRGFP14tMopd9VcUx5U
WiulT5wysji63xhkNljmE90jJdlxZwZ+XtnmLzIqp6i29EkAIUt1AoxMw2ipMhfuwE6WA6VY
xQihu5z2IDOR1PdDUHF5cX/GZgBon/2A33rG5IKTcaNZzL0Oc3rS5VzOzwnp1FHPlR7PY7BR
DNe8q1MrQq14tlgMTaYziNg2t2YwjuhNV6G33qGEh390aUnO/eMWIPJzKoi4mE5mhEbh4L/7
sFlcRUC6Vs1xa5Ab+L5y2xoDe2grraKDu+XpGJaDPLunlhDSTUsp0HsoLVU4ne/HNbCAm2b2
5tKFcFTUwDH4Ekge1/bQLCvxkB63MMLa/FgsJ0XAr8zKEQFrc89qJU4JuvadL4hAIqZ1ywFl
wTOBaNfZHbW2Pt5fprktIL5d5jIHAdQrFPvLqhhjhM03de6O6dS5lDeP8dTdqzMcqBkwFMmj
ZMeRAcoJvs0jJNc0fYwL3h2JSWQnIhsvcSe6gk8GFVRbCCy9UplK1K/5TWw+y3mtfWwUCUSW
nBIuUTV+5iG21o3rdZgfEjXJtBAWW/hKoVwBTe5Ir9yIqaomG5ul0Sn2EgOravnsAWe2nk4l
9cno5CPhGunEtiOD8YQJHskk7/NMtnPegB5j4tprXGS/cK/5hQARAQABtDxQYWNrYWdlIE1h
bmFnZXIgKFBhY2thZ2UgU2lnbmluZyBLZXkpIDxwYWNrYWdlc0BwZ2FkbWluLm9yZz6JAk4E
EwEKADgWIQToaX4u73bALTpjMneIgbKoIQl28gUCW3LPnwIbAwULCQgHAgYVCgkICwIEFgID
AQIeAQIXgAAKCRCIgbKoIQl28ukfD/4y3gGysVSJU1964mpi/4NtSTruQ+fx8rN1vY/cctdQ
Vr1ltuJsDRyPgGpXIh9zeK0/bkCreCcuGezm2WOUFR6Kf54zMWWbIrAPpbib7rYi8n50jz7S
kCfSyJZgqO2bAPBUMP6Y09mdLaB4jib9Y6nDhFgm2V0rO64yX/bznVjBzNXFjCTgbPoABU0G
uy4yHGUFHkQ7Hdg1QLhupMWlphlMJbeSxZJx0T6ApNvr2Qg+uFykSXbXjP2e/tXGb9NeHveT
tw/hD2yMPzXJZ4uQbk8mJWDfD87fHY4ZUVqLJtKiS3omePJ5FWMPnLl0PLICkvmhmhoxyKFG
jB+62/PpYwclZLR8iB7wn9tIA/q6BqP/BBhgmzpuh7ZOAU/zUZ5D+tHuQ9X0e29iFs4nxewm
SM1uCq++l+gGMFRMn0FPH8nyQS/EcB/qXXRc0J3Ja7VVfH5BdjmVvqTeJmwY+xGdLZAh/WZ9
raWd/qbRGNIcYOyhHnvp719EQxYSiiJbIQcRLDbcIBiUG322ubSiR4+saYfx4ixrHvx8QYbt
agien0kkXtoouhhIuLxq/EADRb979ZvQ1hnlUkSGHRN6mDNyLztRqy/iibZrSgX+iKR9lQYI
5MnhchihgoN7jyFUiGTV/VSG6oH2KHiTgUQawli9OirnBB1oekf2+QZfZUvnM+b+SokCMwQQ
AQoAHRYhBODEzuuCax/aT7Ro4CSt+q9pjxUZBQJbcs/+AAoJECSt+q9pjxUZ4fAP/iQpwcrU
ZrPp3WI3hi3wHAe+L6E6LiWlhMEMlqfy/2/xOpDEniwy6IEbMV7+H8WSbFYnTBM6EJAWPCMK
ZAfkduuB6xqHllEuPuFY9O13+fV5bJMrW/ej3MbX2yz+wfa6LLORRBB/e4R34suzmlSzQzRt
tPHejmpNicn0S2kA07kqdl/2I3KcsWM1a5GeRZAukDSMLI6orZAGR+r4xKpdEiEMHfoxYYxu
jmQR9+jqYYPsuViHc3LtIwaKMjTiWBx7wUDF+qIl7bNkT7P94VudNU9hhzCcYSAt4qiDykTo
jbSlXSx/ltqoTRhVQlk1kFk2g1O1zHyVpuAkolje5ZmRGa/ZFQWuSOd01n1QqiRLrQDXHKDB
h+sUOqaF4Hby/pwZwcsXGLEzSI9uC5HeWAn/yomDJInpyYwGmT9FyD9YSd9QjpM1y2/w2+KM
j1KRq7GvmZUONYaWp1+A0eCLyhdsZ+bqdS6DVnh0qKT/8ulWUKe+sxiRyAaKBF0QacuuRiRF
AfgWbQbsrEQGcDqLq7lmtmOKa0GrBQJAvTMUkxrpMG6SIe+HsJJ3/u+pmTWg77oiQqTByQPP
JF0/EgMVg/JzstHdI+FA7Q/4DKJZ5NrPBpUUQC0h+Iex426C7gBtnGXQHYB2Nx6xCtwmpPZv
w5THrRb07Y59nZEZLEdcL8bbH/CZuQINBFtyz58BEACt0Hcb8t24ZXsGcOlVnElocMMo17Id
yDvs1j2jJxrNTT6jkxlgwG+ojStsRvllRrG85Wq/FNI6LuBY3Ux+YmdaNm+p8CJiEDE/Gql4
GPSNZ7fCiiopRyyFXg61VM72lWokAT9o9GaSU0/sM5WDeXvMA5QIlAg6+jQ7+R0MMLHeH0GT
MnF58KAFmE7T72+H1zPtvH3qeQlOt+PBMJVNhjiO2MwU7NlUIKVz4Vn1JmxA1kCWEIxZyFS8
2XXKc9BXgPqwnk27lqBxdZzDWFki8SBnDdvwTT/s0chtwekWN4t2RofK0w33TF7+MSQLxpWL
r8igrQQvBq6LBfMqm8tQWHL2VDORDg5kKIpZv4pNxxIFmu1VX+W01Oj2GV6AOJgX6jadMiRl
Hptkz7D/dmnqsCyfDRCmLcwB3y2/behbV1+iW2bViUaFoQIt/XXm2Jo1YtskxZ7LDngDin88
pU6jId1NdxjP2rKUjm/dyH5jMn1engv71w16TH+GVr42ho+yOwOTYo8qKDAvQgI8I8e+MlkM
LRLpgmFiECmWCovJOQ2JHizqFOmr+eSbeg7o5VpWA+cb0sCdbGUX8Kv6i8zP/ayhVnWg1oU5
Q0HTgH9gQ0rzkR+Re2O5xSKuNYnqVOJv4eRzt1NPFgZZOw+PFMJlvEz4ujGwA/OsdJNLQK/H
EK75GwARAQABiQI2BBgBCgAgFiEE6Gl+Lu92wC06YzJ3iIGyqCEJdvIFAltyz58CGwwACgkQ
iIGyqCEJdvKPUg//f2YJGHX9FaNkCpoEk51QW5svpqITO24Ig65mEVVyx1GPOR9BQnCJoXZr
nhEv2d/BpijFE/cR/fHv9bmqc434waeZPyDyflWTn6+MQYMJJfszKdJFaaY4qPeaCcoh7GC2
qw4I5MINfNVTcinOU52XZzt6F+ENm4h8u6vbS+55sKXjRRxNMHbBlNMr0yylukdGrs3PTGEY
tXEPBhms4Plz5uHjwkvf+rti84z2qqdX6y0YWxtRBy0cGeo15NYA8kHJLIQeUYbkV20PC7Uo
oj29DpIsRxDv7F2qZ3KIse8oiJTIubdM+O7zNhzMo+XSUY2HM6aWDLCjV5SuJVJUsPxA3aEK
ijn/PjmGkr4DKhiant0nIB/pzyKelNQJHO5fgCFuV72R9GIR7yBRG2AU5OwgHQdy5F0/4/6L
tNVWZMKy2lEYuyW8fm0rbC7G5Qbz0KhYZWxp3F20rO6679ViMuNQTwQfHI9akdtFqFEFPuoH
yT3VAMxzeUAcMXwBaPcHw1EOlX1kibaM5dbDVOfKEr6JNj4VN00CeuM++rHJSTeM/gcxO+BW
pzaNFF9MMrCBL74wiY+WJ7rogRf5Du7H2e0+w/XOpuIx3rGSO9VhVrVcoTHimJPuWH7j56wy
bLS/TCh6HI8soMjYLzxWbqvSyV0b4xfbczb/7fY4Fah80eE59/M=
=E6/L
-----END PGP PUBLIC KEY BLOCK-----
然后我执行了以下命令(显示输出)来导入密钥并验证签名:
$ gpg --import postgres-pub-key.txt
gpg: key 8881B2A8210976F2: 1 signature not checked due to a missing key
gpg: key 8881B2A8210976F2: public key "Package Manager (Package Signing Key) <packages@pgadmin.org>" imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: no ultimately trusted keys found
$ gpg --verify pgadmin4-3.3.dmg.asc pgadmin4-3.3.dmg
gpg: Signature made Mon Sep 3 03:27:56 2018 MDT
gpg: using RSA key E8697E2EEF76C02D3A6332778881B2A8210976F2
gpg: Good signature from "Package Manager (Package Signing Key) <packages@pgadmin.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: E869 7E2E EF76 C02D 3A63 3277 8881 B2A8 2109 76F2
如何使用 GPG 验证 PgAdmin 二进制文件的 ASC 签名?
这是我正在验证的二进制文件:https://ftp.postgresql.org/pub/pgadmin/pgadmin4/v3.3/macos/pgadmin4-3.3.dmg
这是我使用的签名: https://ftp.postgresql.org/pub/pgadmin/pgadmin4/v3.3/macos/pgadmin4-3.3.dmg.asc
我从 this 服务器故障答案中遵循的步骤:
- 将二进制文件下载到 ~/Downloads
导入签名
$ gpg --import pgadmin4-3.3.dmg.asc gpg: no valid OpenPGP data found. gpg: Total number processed: 0
那没有用,所以我尝试使用 ASC 进行验证
gpg --verify pgadmin4-3.3.dmg.asc pgadmin4-3.3.dmg gpg: Signature made Mon Sep 3 03:27:56 2018 MDT gpg: using RSA key E8697E2EEF76C02D3A6332778881B2A8210976F2 gpg: Can't check signature: No public key
- 那也没用。我需要额外的文件吗?
通过电子邮件发送邮件列表(应该从那里开始)后,我收到了以下内容 URL:https://pgp.mit.edu/pks/lookup?op=get&search=0x8881B2A8210976F2
其中包含以下文本,已成功导入:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.6
Comment: Hostname: pgp.mit.edu
mQINBFtyz58BEACgKbtY59R0mxs8rWJNAn1BWNXwhuTvELNCV6gZkMRGFP14tMopd9VcUx5U
WiulT5wysji63xhkNljmE90jJdlxZwZ+XtnmLzIqp6i29EkAIUt1AoxMw2ipMhfuwE6WA6VY
xQihu5z2IDOR1PdDUHF5cX/GZgBon/2A33rG5IKTcaNZzL0Oc3rS5VzOzwnp1FHPlR7PY7BR
DNe8q1MrQq14tlgMTaYziNg2t2YwjuhNV6G33qGEh390aUnO/eMWIPJzKoi4mE5mhEbh4L/7
sFlcRUC6Vs1xa5Ab+L5y2xoDe2grraKDu+XpGJaDPLunlhDSTUsp0HsoLVU4ne/HNbCAm2b2
5tKFcFTUwDH4Ekge1/bQLCvxkB63MMLa/FgsJ0XAr8zKEQFrc89qJU4JuvadL4hAIqZ1ywFl
wTOBaNfZHbW2Pt5fprktIL5d5jIHAdQrFPvLqhhjhM03de6O6dS5lDeP8dTdqzMcqBkwFMmj
ZMeRAcoJvs0jJNc0fYwL3h2JSWQnIhsvcSe6gk8GFVRbCCy9UplK1K/5TWw+y3mtfWwUCUSW
nBIuUTV+5iG21o3rdZgfEjXJtBAWW/hKoVwBTe5Ir9yIqaomG5ul0Sn2EgOravnsAWe2nk4l
9cno5CPhGunEtiOD8YQJHskk7/NMtnPegB5j4tprXGS/cK/5hQARAQABtDxQYWNrYWdlIE1h
bmFnZXIgKFBhY2thZ2UgU2lnbmluZyBLZXkpIDxwYWNrYWdlc0BwZ2FkbWluLm9yZz6JAk4E
EwEKADgWIQToaX4u73bALTpjMneIgbKoIQl28gUCW3LPnwIbAwULCQgHAgYVCgkICwIEFgID
AQIeAQIXgAAKCRCIgbKoIQl28ukfD/4y3gGysVSJU1964mpi/4NtSTruQ+fx8rN1vY/cctdQ
Vr1ltuJsDRyPgGpXIh9zeK0/bkCreCcuGezm2WOUFR6Kf54zMWWbIrAPpbib7rYi8n50jz7S
kCfSyJZgqO2bAPBUMP6Y09mdLaB4jib9Y6nDhFgm2V0rO64yX/bznVjBzNXFjCTgbPoABU0G
uy4yHGUFHkQ7Hdg1QLhupMWlphlMJbeSxZJx0T6ApNvr2Qg+uFykSXbXjP2e/tXGb9NeHveT
tw/hD2yMPzXJZ4uQbk8mJWDfD87fHY4ZUVqLJtKiS3omePJ5FWMPnLl0PLICkvmhmhoxyKFG
jB+62/PpYwclZLR8iB7wn9tIA/q6BqP/BBhgmzpuh7ZOAU/zUZ5D+tHuQ9X0e29iFs4nxewm
SM1uCq++l+gGMFRMn0FPH8nyQS/EcB/qXXRc0J3Ja7VVfH5BdjmVvqTeJmwY+xGdLZAh/WZ9
raWd/qbRGNIcYOyhHnvp719EQxYSiiJbIQcRLDbcIBiUG322ubSiR4+saYfx4ixrHvx8QYbt
agien0kkXtoouhhIuLxq/EADRb979ZvQ1hnlUkSGHRN6mDNyLztRqy/iibZrSgX+iKR9lQYI
5MnhchihgoN7jyFUiGTV/VSG6oH2KHiTgUQawli9OirnBB1oekf2+QZfZUvnM+b+SokCMwQQ
AQoAHRYhBODEzuuCax/aT7Ro4CSt+q9pjxUZBQJbcs/+AAoJECSt+q9pjxUZ4fAP/iQpwcrU
ZrPp3WI3hi3wHAe+L6E6LiWlhMEMlqfy/2/xOpDEniwy6IEbMV7+H8WSbFYnTBM6EJAWPCMK
ZAfkduuB6xqHllEuPuFY9O13+fV5bJMrW/ej3MbX2yz+wfa6LLORRBB/e4R34suzmlSzQzRt
tPHejmpNicn0S2kA07kqdl/2I3KcsWM1a5GeRZAukDSMLI6orZAGR+r4xKpdEiEMHfoxYYxu
jmQR9+jqYYPsuViHc3LtIwaKMjTiWBx7wUDF+qIl7bNkT7P94VudNU9hhzCcYSAt4qiDykTo
jbSlXSx/ltqoTRhVQlk1kFk2g1O1zHyVpuAkolje5ZmRGa/ZFQWuSOd01n1QqiRLrQDXHKDB
h+sUOqaF4Hby/pwZwcsXGLEzSI9uC5HeWAn/yomDJInpyYwGmT9FyD9YSd9QjpM1y2/w2+KM
j1KRq7GvmZUONYaWp1+A0eCLyhdsZ+bqdS6DVnh0qKT/8ulWUKe+sxiRyAaKBF0QacuuRiRF
AfgWbQbsrEQGcDqLq7lmtmOKa0GrBQJAvTMUkxrpMG6SIe+HsJJ3/u+pmTWg77oiQqTByQPP
JF0/EgMVg/JzstHdI+FA7Q/4DKJZ5NrPBpUUQC0h+Iex426C7gBtnGXQHYB2Nx6xCtwmpPZv
w5THrRb07Y59nZEZLEdcL8bbH/CZuQINBFtyz58BEACt0Hcb8t24ZXsGcOlVnElocMMo17Id
yDvs1j2jJxrNTT6jkxlgwG+ojStsRvllRrG85Wq/FNI6LuBY3Ux+YmdaNm+p8CJiEDE/Gql4
GPSNZ7fCiiopRyyFXg61VM72lWokAT9o9GaSU0/sM5WDeXvMA5QIlAg6+jQ7+R0MMLHeH0GT
MnF58KAFmE7T72+H1zPtvH3qeQlOt+PBMJVNhjiO2MwU7NlUIKVz4Vn1JmxA1kCWEIxZyFS8
2XXKc9BXgPqwnk27lqBxdZzDWFki8SBnDdvwTT/s0chtwekWN4t2RofK0w33TF7+MSQLxpWL
r8igrQQvBq6LBfMqm8tQWHL2VDORDg5kKIpZv4pNxxIFmu1VX+W01Oj2GV6AOJgX6jadMiRl
Hptkz7D/dmnqsCyfDRCmLcwB3y2/behbV1+iW2bViUaFoQIt/XXm2Jo1YtskxZ7LDngDin88
pU6jId1NdxjP2rKUjm/dyH5jMn1engv71w16TH+GVr42ho+yOwOTYo8qKDAvQgI8I8e+MlkM
LRLpgmFiECmWCovJOQ2JHizqFOmr+eSbeg7o5VpWA+cb0sCdbGUX8Kv6i8zP/ayhVnWg1oU5
Q0HTgH9gQ0rzkR+Re2O5xSKuNYnqVOJv4eRzt1NPFgZZOw+PFMJlvEz4ujGwA/OsdJNLQK/H
EK75GwARAQABiQI2BBgBCgAgFiEE6Gl+Lu92wC06YzJ3iIGyqCEJdvIFAltyz58CGwwACgkQ
iIGyqCEJdvKPUg//f2YJGHX9FaNkCpoEk51QW5svpqITO24Ig65mEVVyx1GPOR9BQnCJoXZr
nhEv2d/BpijFE/cR/fHv9bmqc434waeZPyDyflWTn6+MQYMJJfszKdJFaaY4qPeaCcoh7GC2
qw4I5MINfNVTcinOU52XZzt6F+ENm4h8u6vbS+55sKXjRRxNMHbBlNMr0yylukdGrs3PTGEY
tXEPBhms4Plz5uHjwkvf+rti84z2qqdX6y0YWxtRBy0cGeo15NYA8kHJLIQeUYbkV20PC7Uo
oj29DpIsRxDv7F2qZ3KIse8oiJTIubdM+O7zNhzMo+XSUY2HM6aWDLCjV5SuJVJUsPxA3aEK
ijn/PjmGkr4DKhiant0nIB/pzyKelNQJHO5fgCFuV72R9GIR7yBRG2AU5OwgHQdy5F0/4/6L
tNVWZMKy2lEYuyW8fm0rbC7G5Qbz0KhYZWxp3F20rO6679ViMuNQTwQfHI9akdtFqFEFPuoH
yT3VAMxzeUAcMXwBaPcHw1EOlX1kibaM5dbDVOfKEr6JNj4VN00CeuM++rHJSTeM/gcxO+BW
pzaNFF9MMrCBL74wiY+WJ7rogRf5Du7H2e0+w/XOpuIx3rGSO9VhVrVcoTHimJPuWH7j56wy
bLS/TCh6HI8soMjYLzxWbqvSyV0b4xfbczb/7fY4Fah80eE59/M=
=E6/L
-----END PGP PUBLIC KEY BLOCK-----
然后我执行了以下命令(显示输出)来导入密钥并验证签名:
$ gpg --import postgres-pub-key.txt
gpg: key 8881B2A8210976F2: 1 signature not checked due to a missing key
gpg: key 8881B2A8210976F2: public key "Package Manager (Package Signing Key) <packages@pgadmin.org>" imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: no ultimately trusted keys found
$ gpg --verify pgadmin4-3.3.dmg.asc pgadmin4-3.3.dmg
gpg: Signature made Mon Sep 3 03:27:56 2018 MDT
gpg: using RSA key E8697E2EEF76C02D3A6332778881B2A8210976F2
gpg: Good signature from "Package Manager (Package Signing Key) <packages@pgadmin.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: E869 7E2E EF76 C02D 3A63 3277 8881 B2A8 2109 76F2