Doing some test with different files to verify the integrity of them I got some errors that basically I did not have any idea what was the meaning. This test was using the method “signature” file.
The following example show the error message i got and let’s see how to fix that.
Example: dk-0.0 -Win.exe
[root@securitytweak]# gpg –verify dk-0.0-Win.exe.sig dk-0.0-Win.exe
gpg: directory `/root/.gnupg’ created
gpg: new configuration file `/root/.gnupg/gpg.conf’ created
gpg: WARNING: options in `/root/.gnupg/gpg.conf’ are not yet active during this run
gpg: keyring `/root/.gnupg/pubring.gpg’ created
gpg: Signature made Thu 12 Oct 2017 10:21:28 PM CST using RSA key ID 35Z78488
gpg: Can’t check signature: No public key
So, basically that error was because the system does not have the correct public key imported in order to verify the integrity of that file, the message specify the key you need to import (35Z78488) so just find the specific key from the product vendor and import the files using the following example,
Note: The key files extension normally will be, (.pub / .public)
Just ONE key
[root@securitytweak]# gpg –import 35Z78488.pub
Where: “gpg –import [publickeyfile.pub]”
Message successfull:
gpg: directory `/root/.gnupg’ created
gpg: new configuration file `/root/.gnupg/gpg.conf’ created
gpg: WARNING: options in `/root/.gnupg/gpg.conf’ are not yet active during this run
gpg: keyring `/root/.gnupg/secring.gpg’ created
gpg: keyring `/root/.gnupg/pubring.gpg’ created
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 35Z78488: public key “SECURITYTWEAK RSA-2048-17” imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
More than ONE key
If you have more than one key you can import all of them with just one command,
Keys: 0F0F46CE.public / 4879EDD7.public / AA71A9CF.public / 69F8AA69.public
[root@securitytweak]# gpg –import *.public
Message successful:
gpg: key 0F0F46CE: public key “SECURITYTWEAK RSA-2048-17” imported
gpg: key 4879EDD7: public key “SECURITYTWEAK RSA-2048-18” imported
gpg: key AA71A9CF: public key “SECURITYTWEAK RSA-2048-19” imported
gpg: key 69F8AA69: public key “SECURITYTWEAK RSA-2048-13” imported
After you finish importing all the public keys that you need to sucessfuly verify the integrity please run one more time the command to verify the integrity of the file.