How to Verify a PGP Signature: 14 Steps (with Pictures) - wikiHow (2024)

Table of Contents
Linux & macOS Windows Community Q&A Video Tips You Might Also Like References About This Article Is this article up to date?
  • Categories
  • Computers and Electronics
  • Internet
  • Internet Security

Download Article

Explore this Article

methods

2Windows

Other Sections

Video

Related Articles

References

Article Summary

Written byNicole Levine, MFA

Last Updated: August 5, 2024Fact Checked

Download Article

This wikiHow teaches you how to verify the PGP signature of a downloaded file. You should always verify the PGP signature of a signed file to make sure the version you downloaded is official. To verify the signature, you'll need the publisher's public key, the software's signature file, and GnuPG. GnuPG is preinstalled in all Linux distributions, but you'll need to install it if you're using Windows or macOS.

Method 1

Method 1 of 2:

Linux & macOS

Download Article

  1. 1

    Install GPG if you're using a Mac. If you're using a Linux installation outside of macOS, you can skip this step. macOS users should first install Homebrew, and then use it to install the GnuPG software package:

  2. 2

    Download the PGP signature file. This is the file that ends with .sig. Be sure to save the signature file to the same directory as the file you want to check.

    • An easy way to do this is from the command prompt is to cd into the appropriate directory and download the file using wget https://path/to/signaturefile.sig.

    Advertisem*nt

    See Also
    privacy-guides/how-to-verify-pgp-digital-signatures-using-gnupg-on-macos at master · sunknudsen/privacy-guidesPortalA Beginner’s Guide to Digital Signatures for Verifiable Credentials

  3. 3

    Download the signer's public key. You can usually download this from the signer's website or by saving an email attachment to your computer. The public key file usually ends with .asc.

    • As with downloading the signature file, you can use wget to download the public key.
    • If you have the key ID but not a path to download the file, use this command to get the key: gpg --recv-keys KEYID. If you receive the key this way, skip step 4 and go directly to step 5.

  4. 4

    Import the public key into your public keyring. You can do this with the following command in a terminal window:

    • gpg --import PUBLICKEY.
    • Replace PUBLICKEY with the actual file name.[3]

  5. 5

    Verify the signature. Now that all of the files are in their correct locations, you can verify the signature with the following command:

    • gpg --verify SIGNATURE.SIG FILE.
    • Replace SIGNATURE.SIG with the signature file name, and FILE with the name of the file you want to verify.
    • If the output says "Good Signature," you've successfully verified the key. If the signature is bad, you'll know the file is broken or has been edited since the signing.

    6. Advertisem*nt

Method 2

Method 2 of 2:

Windows

Download Article

  1. 1

    Install Gpg4win. You can get the application from https://www.gpg4win.org/download.html. During the installation, you'll see a list of apps that will be installed—just keep the default options selected.

    • The default installation location is C:\Program Files (x86)\Gnu\GnuPg\gpg.exe. When you run the command required to verify the signature, you'll need to enter the full path to the gpg.exe file. If you choose a different install location, make sure you remember the full path.[4]

  2. 2

    Download the PGP signature. This is the file that ends with .sig. You'll need to save the file to the same directory as the file you want to verify.

  3. 3

    Download the signer's public key. You can usually download this from the signer's website or by saving an email attachment to your computer. The public key file usually ends with .asc. This should also be saved to the same folder.

  4. 4

    Open the Windows File Explorer. It's the folder icon on the taskbar. You can also open it by pressing the Windows key + E.[5]

  5. 5

    Open the folder containing the signature and file you want to check. If you don't see a navigation pane in the left panel of File explorer, click the View menu at the top and select Navigation pane and then Navigation pane again to bring it up. This makes it easier to find what you're looking for.

  6. 6

    Press Shift as you right-click inside the folder. A menu will expand.

  7. 7

    Click Open Command Prompt here. If you don't see that option, select Open PowerShell window here.

  8. 8

    Import the public key file into your keychain. Here's how:

    • Type C:\Program Files (x86)\Gnu\GnuPg\gpg.exe --import PUBLICKEY and press Enter. Replace PUBLICKEY with the actual file name.
    • If you don't have a file containing the public key, but you do have a key ID, use this command instead: C:\Program Files (x86)\Gnu\GnuPg\gpg.exe --recv-keys KEYID.

  9. 9

    Check the signature. Now that the files are ready, here's how to verify the signature:[6]

    • C:\Program Files (x86)\Gnu\GnuPg\gpg.exe --verify SIGNATURE.SIG FILE.
    • Replace SIGNATURE.SIG with the signature file name, and FILE with the name of the file you want to verify.
    • If the output says "Good Signature," you've successfully verified the key. If the signature is bad, you'll know the file is broken or has been edited since the signing.

    10. Advertisem*nt

Community Q&A

Search

Add New Question

  • Question

    What is an open source software that can do the same thing? Some of us have special security circ*mstances.

    How to Verify a PGP Signature: 14 Steps (with Pictures) - wikiHow (19)

    Radj307

    Community Answer

    GPG (GNU Privacy Guard), as part of the GNU movement, is open-source software.

    Thanks! We're glad this was helpful.
    Thank you for your feedback.
    If wikiHow has helped you, please consider a small contribution to support us in helping more readers like you. We’re committed to providing the world with free how-to resources, and even $1 helps us in our mission.Support wikiHow

    YesNo

    Not Helpful 2Helpful 6

Ask a Question

200 characters left

Include your email address to get a message when this question is answered.

Submit

      Advertisem*nt

      Video

      Tips

      Submit a Tip

      All tip submissions are carefully reviewed before being published

      Name

      Please provide your name and last initial

      Submit

      Thanks for submitting a tip for review!

      You Might Also Like

      How toBreak WEP EncryptionHow to Password Protect a Microsoft Excel Spreadsheet
      How toSecure Your Wireless Home NetworkHow toSecure Your PCHow toBe Safe on the InternetHow toClear Your Browser's CookiesHow toAccess Blocked Websites4 Ways to Block p*rn on Android from Websites and Apps4 Simple Ways to View Cookies in a Web BrowserHow toOpen Incognito Mode by Default in Google Chrome (Windows)How toHack a ComputerBlock a Program from Accessing the Internet with Windows FirewallHow toPassword Protect a Web Page

      Advertisem*nt

      About This Article

      How to Verify a PGP Signature: 14 Steps (with Pictures) - wikiHow (34)

      Written by:

      Nicole Levine, MFA

      wikiHow Technology Writer

      This article was co-authored by wikiHow staff writer, Nicole Levine, MFA. Nicole Levine is a Technology Writer and Editor for wikiHow. She has more than 20 years of experience creating technical documentation and leading support teams at major web hosting and software companies. Nicole also holds an MFA in Creative Writing from Portland State University and teaches composition, fiction-writing, and zine-making at various institutions. This article has been viewed 269,188 times.

      How helpful is this?

      Co-authors: 19

      Updated: August 5, 2024

      Views:269,188

      Categories: Internet Security

      Article SummaryX

      1.Install GnuPG if you're using a Mac, or GPG4win if you're using Windows.
      2.Download the PGP signature file to the same directory as the file you're checking.
      3.Download the signer's public key to the same location.
      4.Import the key into your public keyring.
      5.Use gpg --verify to verify the signature.

      Did this summary help you?

      • Print
      • Send fan mail to authors

      Thanks to all authors for creating a page that has been read 269,188 times.

      Is this article up to date?

      Advertisem*nt

      How to Verify a PGP Signature: 14 Steps (with Pictures) - wikiHow (2024)
      Top Articles
      Prabhkiran Singh on LinkedIn: The approximate salary ranges for the top 10%, top 5%, top 2%, and top 1%… | 40 comments
      How Much Money Can You Have In The Bank On Social Security Disability?
      Radikale Landküche am Landgut Schönwalde
      Hotels Near 625 Smith Avenue Nashville Tn 37203
      Odawa Hypixel
      Week 2 Defense (DEF) Streamers, Starters & Rankings: 2024 Fantasy Tiers, Rankings
      Western Union Mexico Rate
      St Als Elm Clinic
      Caroline Cps.powerschool.com
      Aries Auhsd
      Pollen Count Central Islip
      Raid Guides - Hardstuck
      Clarksburg Wv Craigslist Personals
      Rhinotimes
      Maplestar Kemono
      Nba Rotogrinders Starting Lineups
      Buy PoE 2 Chaos Orbs - Cheap Orbs For Sale | Epiccarry
      iZurvive DayZ & ARMA Map
      Wausau Marketplace
      Theater X Orange Heights Florida
      Minnick Funeral Home West Point Nebraska
      Danielle Ranslow Obituary
      The Boogeyman (Film, 2023) - MovieMeter.nl
      Paris Immobilier - craigslist
      Sensual Massage Grand Rapids
      1636 Pokemon Fire Red U Squirrels Download
      Encore Atlanta Cheer Competition
      Mississippi Craigslist
      Bj's Tires Near Me
      Have you seen this child? Caroline Victoria Teague
      Cheap Motorcycles Craigslist
      Workday Latech Edu
      Geology - Grand Canyon National Park (U.S. National Park Service)
      Lyca Shop Near Me
      Search All of Craigslist: A Comprehensive Guide - First Republic Craigslist
      Union Corners Obgyn
      Clima De 10 Días Para 60120
      Lake Kingdom Moon 31
      Frigidaire Fdsh450Laf Installation Manual
      Dr Mayy Deadrick Paradise Valley
      Csgold Uva
      Perc H965I With Rear Load Bracket
      20 Mr. Miyagi Inspirational Quotes For Wisdom
      Zeeks Pizza Calories
      Union Supply Direct Wisconsin
      El Patron Menu Bardstown Ky
      Tamilblasters.wu
      Bomgas Cams
      Tamilyogi Cc
      Asisn Massage Near Me
      Latest Posts
      How to Carry Water When Walking or Hiking – Nomad Life. Full-time Travel
      How ideas are pitched to Netflix
      Article information

      Author: Delena Feil

      Last Updated:

      Views: 6609

      Rating: 4.4 / 5 (45 voted)

      Reviews: 92% of readers found this page helpful

      Author information

      Name: Delena Feil

      Birthday: 1998-08-29

      Address: 747 Lubowitz Run, Sidmouth, HI 90646-5543

      Phone: +99513241752844

      Job: Design Supervisor

      Hobby: Digital arts, Lacemaking, Air sports, Running, Scouting, Shooting, Puzzles

      Introduction: My name is Delena Feil, I am a clean, splendid, calm, fancy, jolly, bright, faithful person who loves writing and wants to share my knowledge and understanding with you.