- Bob is going to tar up his home directory and ftp it to another place. He wants to make sure the file gets there ok. Instead of using MD5sum, Bob is going to use his new friend, gpg
- Bob is going to use an ASCII signature to sign his file. He is also going to make his signature a separate file using
gpg -b -a:
[bob@yohost bob]$ gpg -b -a bob.tar.bz2
You need a passphrase to unlock the secret key for
user: "Bob Smith (User Bob) "
1024-bit DSA key, ID 9004BC23, created 2003-01-29
[bob@yohost bob]$ ls
bob.tar.bz2 hello.txt pubkey.txt wipe-2.1.0.tar.bz2
bob.tar.bz2.asc hello.txt.asc scripts.tar wipe-2.1.0.tar.bz2.sig
brrr.txt.asc hello.txt.gpg tmp/
- Bob now has a separate file with the signature in it for the bob.tar.bz2 file:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQA+OYHF21hmipAEvCMRAjGSAKDPU3ibnas0WYE3yRMSRzkHrXzIqACfT/bF
cUDHaiyAskl8eY1aPAKZ4mo=
=JVfm
-----END PGP SIGNATURE-----
- This signature will verify the authenticity of his file:
[bob@yohost bob]$ gpg --verify bob.tar.bz2.asc bob.tar.bz2
gpg: Signature made Thu 30 Jan 2003 02:49:25 PM EST using DSA key ID 9004BC23
gpg: Good signature from "Bob Smith (User Bob) "
- Now, why didn't that have a message about trust?