What is the actual benefit of GPG verification? # Hardware - Computer Hardware
d*a
Post 1
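Whenever I download software, I make a habit of verifying it. Most software comes with either a digital signature or a SHA-1 hash (many programs, such as 7zip, can compute SHA-1).
This time I downloaded LyX, and the website makes me go through several steps to do GPG verification. Does it really need to be this much trouble?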
We provide gpg-signed tarballs and binaries. Our GPG key ID is
0xDE7A44FAC7FB382D (LyX Release Manager). The signatures are found next to
the tarballs and binaries.
To initially import our key via GnuPG, do this:
gpg --recv-keys FE66471B43559707AFDAD955DE7A44FAC7FB382D
Attention: Please be careful to use this full fingerprint, spoofed version
of shortened fingerprint is already in the wild and it is easy to make new
fake ones!
After that, each time you need to verify a tarball:
gpg --verify lyx-2.2.2.tar.gz.sig
to check the signature (or any other signed file you want to verify). Watch
out for the "Good signature..." string.
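
The check the quoted instructions describe, as an added example that is not part of the original post and is not LyX's own code: instead of looking for the "Good signature" string, it parses gpg's machine-readable status output and accepts the file only if the signer's full fingerprint is the one quoted above. The function names and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not LyX's code). Function names are hypothetical.
# Full fingerprint as quoted in the post above.
EXPECTED_FPR="FE66471B43559707AFDAD955DE7A44FAC7FB382D"

# Constructed status lines in the format of `gpg --status-fd`: one signed by
# the expected key, one by a constructed key sharing only the last 8 hex digits.
SAMPLE_GOOD='[GNUPG:] GOODSIG DE7A44FAC7FB382D LyX Release Manager
[GNUPG:] VALIDSIG FE66471B43559707AFDAD955DE7A44FAC7FB382D 2016-10-10 1476057600 0 4 0 1 8 00 FE66471B43559707AFDAD955DE7A44FAC7FB382D'
SAMPLE_SPOOF='[GNUPG:] GOODSIG 89ABCDEFC7FB382D Constructed Impostor
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEFC7FB382D 2016-10-10 1476057600 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEFC7FB382D'

# check_status FPR: read status lines on stdin; succeed only if a VALIDSIG
# line names FPR as primary key (field 12, else field 3) and nothing reports
# a bad, expired or revoked signature or key.
check_status() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" {
            fpr = (NF >= 12) ? $12 : $3
            if (toupper(fpr) == toupper(want)) ok = 1; else bad = 1
        }
        END { exit !(ok && !bad) }
    '
}

# verify_release SIG FILE: run gpg on a detached signature and apply the check.
verify_release() {
    gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null |
        check_status "$EXPECTED_FPR"
}

# Real use: sh verify.sh lyx-2.2.2.tar.gz.sig lyx-2.2.2.tar.gz
if [ "$#" -eq 2 ]; then
    verify_release "$1" "$2" && echo "OK: signed by $EXPECTED_FPR"
fi
```

A bare SHA-1 published on the same server as the download only detects corruption; the pinned fingerprint is what ties the file to the release key.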