1.下载签名文件,然后用gpg –verify命令
% gpg –verify httpd-2.0.44.tar.gz.asc httpd-2.0.44.tar.gz
gpg: Signature made Sat Jan 18 07:21:28 2003 PST using DSA key ID DE885DD3
gpg: Can’t check signature: public key not found
此时会报错:public key not found
2.获取public key
% gpg –keyserver pgpkeys.mit.edu –recv-key DE885DD3
gpg: requesting key DE885DD3 from HKP keyserver pgpkeys.mit.edu
gpg: trustdb created
gpg: key DE885DD3: public key “Sander Striker striker@apache.org” imported
gpg: Total number processed: 1
gpg:imported: 1
3.重新验证
% gpg –verify httpd-2.0.44.tar.gz.asc httpd-2.0.44.tar.gz
gpg: Signature made Sat Jan 18 07:21:28 2003 PST using DSA key ID DE885DD3
gpg: Good signature from “Sander Striker striker@apache.org”
gpg: aka “Sander Striker striker@striker.nl”
gpg: checking the trustdb
gpg: no ultimately trusted keys found
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Fingerprint: 4C1E ADAD B4EF 5007 579C 919C 6635 B6C0 DE88 5DD3