This week's book giveaway is in the Clojure forum.
We're giving away four copies of Clojure in Action and have Amit Rathore and Francis Avila on-line!
See this thread for details.
Win a copy of Clojure in Action this week in the Clojure forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

how to verify Tomcat's files with PGP

 
Martin Garrido
Ranch Hand
Posts: 31
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Anyone can help me with this?

I have the file, I have de associated .asc file. (and I downloaded and installe GnuPG for win). And now? I tried to solve it without success.
 
Heath Swanson
Greenhorn
Posts: 6
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I don't know what version you'd downloaded but...
Say it's Tomcat7.
In Tomcat7 download page, there's a link to the public key in "Release Integrity" section.
First you should do is to download the KEY file, and import it such like "gpg --import KEY.txt".
(Sorry, I'm not a Windows user. But things should happen almost the same, I hope.)
Maybe you find a warning such like "untrusted key" but it can be ignored.
Then verify it.
This is my result:
$ gpg --verify apache-tomcat-7.0.16.tar.gz.asc apache-tomcat-7.0.16.tar.gz
gpg: Signature made Sat Jun 11 19:52:32 2011 JST using RSA key ID 2F6059E7
gpg: Good signature from "Mark E D Thomas <markt@apache.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: A9C5 DF4D 22E9 9998 D987 5A51 10C0 1C5A 2F60 59E7

It says that the file was signed by "Mark E D Thomas <markt@apache.org>", and seemingly the file can be trusted.
 
Tim Holloway
Saloon Keeper
Pie
Posts: 17624
39
Android Eclipse IDE Linux
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Actually, IIRC that's an MD5 checksum, not an encryption.

Linux comes with a program named "md5sum". Windows doesn't - as far as I know. It's not the kind of thing that Windows typically includes. So for that platform, you'll have to find an md5 checking program on your own.
 
I agree. Here's the link: http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic