File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Tomcat and the fly likes how to verify Tomcat's files with PGP Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Tomcat
Bookmark "how to verify Tomcat Watch "how to verify Tomcat New topic

how to verify Tomcat's files with PGP

Martin Garrido
Ranch Hand

Joined: Dec 04, 2010
Posts: 31
Anyone can help me with this?

I have the file, I have de associated .asc file. (and I downloaded and installe GnuPG for win). And now? I tried to solve it without success.
Heath Swanson

Joined: Mar 31, 2011
Posts: 6
I don't know what version you'd downloaded but...
Say it's Tomcat7.
In Tomcat7 download page, there's a link to the public key in "Release Integrity" section.
First you should do is to download the KEY file, and import it such like "gpg --import KEY.txt".
(Sorry, I'm not a Windows user. But things should happen almost the same, I hope.)
Maybe you find a warning such like "untrusted key" but it can be ignored.
Then verify it.
This is my result:
$ gpg --verify apache-tomcat-7.0.16.tar.gz.asc apache-tomcat-7.0.16.tar.gz
gpg: Signature made Sat Jun 11 19:52:32 2011 JST using RSA key ID 2F6059E7
gpg: Good signature from "Mark E D Thomas <>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: A9C5 DF4D 22E9 9998 D987 5A51 10C0 1C5A 2F60 59E7

It says that the file was signed by "Mark E D Thomas <>", and seemingly the file can be trusted.
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 17421

Actually, IIRC that's an MD5 checksum, not an encryption.

Linux comes with a program named "md5sum". Windows doesn't - as far as I know. It's not the kind of thing that Windows typically includes. So for that platform, you'll have to find an md5 checking program on your own.

An IDE is no substitute for an Intelligent Developer.
subject: how to verify Tomcat's files with PGP
jQuery in Action, 3rd edition