When it comes to installing software on a Linux system, the process is typically straightforward. Most of the time, you'll rely on a package manager like apt, dnf, or Pacman to safely install software from your distribution's repositories.
However, there are cases where the desired software isn't available in the official repository of your Linux distribution. In such situations, you might need to download the software directly from the vendor’s website. But how can you be certain that the downloaded file hasn’t been altered or compromised? That's exactly what we're going to explore. This guide will walk you through the steps to verify the PGP signature of a downloaded software package in Linux.
PGP (Pretty Good Privacy) is a cryptographic tool used for signing and encrypting files. Many software developers use PGP tools like GPG (GNU Privacy Guard) to sign their software releases.
GPG, which implements the OpenPGP standard, allows for secure data transmission and also helps confirm the integrity of a source. Similarly, you can utilize GPG to ensure that the software you’ve downloaded hasn’t been tampered with.
The verification process involves five main steps:
- Download the public key of the software developer.
- Verify the fingerprint of the public key.
- Import the public key into your keyring.
- Download the software’s signature file.
- Use GPG to verify the signature against the downloaded package.
To illustrate this process, we’ll use Tixati, a peer-to-peer file sharing application, as an example. We have already downloaded the Debian package from the official Tixati website.
Verifying the PGP Signature of Tixati
First, we need to download the public key used by the developer to sign the software. This key is usually available on the software's official download page.
Use the wget command in your terminal to fetch the public key:
<code>$ wget https://www.tixati.com/tixati.key</code>
Check the Fingerprint of the Public Key
After downloading the key, the next step is to examine its fingerprint using the gpg command:
<code>$ gpg --show-keys tixati.key</code>
The fingerprint will be displayed in the output, as highlighted below.
Import the GPG Key
Once the fingerprint has been verified, import the key into your GPG keyring. This is a one-time requirement.
<code>$ gpg --import tixati.key</code>
Download the Software Signature File
Now, download the corresponding PGP signature file for the software package. It is often located next to the software file and ends with a .asc extension.
Run the following command to download the signature:
<code>$ wget https://download2.tixati.com/download/tixati_2.84-1_amd64.deb.asc</code>
Verify the Signature Against the Package
Finally, verify the signature using the downloaded .asc file and the Debian package itself:
<code>$ gpg --verify tixati_2.84-1_amd64.deb.asc tixati_2.84-1_amd64.deb</code>
The third line of the output confirms that the signature was generated by the software author—in this case, Tixati Software Inc. Additionally, the fingerprint shown matches the one we previously verified, confirming the authenticity of the PGP signature.
We hope this guide helped you understand how to verify the PGP signature of a downloaded software package in Linux.
The above is the detailed content of How to Verify PGP Signature of Downloaded Software on Linux. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
5 Best Open Source Mathematical Equation Editors for Linux
Jun 18, 2025 am 09:28 AM
Are you looking for good software to write mathematical equations? If so, this article provides the top 5 equation editors that you can easily install on your favorite Linux distribution.In addition to being compatible with different types of mathema
SCP Linux Command – Securely Transfer Files in Linux
Jun 20, 2025 am 09:16 AM
Linux administrators should be familiar with the command-line environment. Since GUI (Graphical User Interface) mode in Linux servers is not commonly installed.SSH may be the most popular protocol to enable Linux administrators to manage the servers
Gogo - Create Shortcuts to Directory Paths in Linux
Jun 19, 2025 am 10:41 AM
Gogo is a remarkable tool to bookmark directories inside your Linux shell. It helps you create shortcuts for long and complex paths in Linux. This way, you no longer need to type or memorize lengthy paths on Linux.For example, if there's a directory
What is a PPA and how do I add one to Ubuntu?
Jun 18, 2025 am 12:21 AM
PPA is an important tool for Ubuntu users to expand their software sources. 1. When searching for PPA, you should visit Launchpad.net, confirm the official PPA in the project official website or document, and read the description and user comments to ensure its security and maintenance status; 2. Add PPA to use the terminal command sudoadd-apt-repositoryppa:/, and then run sudoaptupdate to update the package list; 3. Manage PPAs to view the added list through the grep command, use the --remove parameter to remove or manually delete the .list file to avoid problems caused by incompatibility or stopping updates; 4. Use PPA to weigh the necessity and prioritize the situations that the official does not provide or require a new version of the software.
Install LXC (Linux Containers) in RHEL, Rocky & AlmaLinux
Jul 05, 2025 am 09:25 AM
LXD is described as the next-generation container and virtual machine manager that offers an immersive for Linux systems running inside containers or as virtual machines. It provides images for an inordinate number of Linux distributions with support
How to create a file of a specific size for testing?
Jun 17, 2025 am 09:23 AM
How to quickly generate test files of a specified size? It can be achieved using command line tools or graphical software. On Windows, you can use fsutilfilecreatenew file name size to generate a file with a specified byte; macOS/Linux can use ddif=/dev/zeroof=filebs=1Mcount=100 to generate real data files, or use truncate-s100M files to quickly create sparse files. If you are not familiar with the command line, you can choose FSUtilGUI, DummyFileGenerator and other tool software. Notes include: pay attention to file system limitations (such as FAT32 file size upper limit), avoid overwriting existing files, and some programs may
How to install Linux alongside Windows (dual boot)?
Jun 18, 2025 am 12:19 AM
The key to installing dual systems in Linux and Windows is partitioning and boot settings. 1. Preparation includes backing up data and compressing existing partitions to make space; 2. Use Ventoy or Rufus to make Linux boot USB disk, recommend Ubuntu; 3. Select "Coexist with other systems" or manually partition during installation (/at least 20GB, /home remaining space, swap optional); 4. Check the installation of third-party drivers to avoid hardware problems; 5. If you do not enter the Grub boot menu after installation, you can use boot-repair to repair the boot or adjust the BIOS startup sequence. As long as the steps are clear and the operation is done properly, the whole process is not complicated.
NVM - Install and Manage Multiple Node.js Versions in Linux
Jun 19, 2025 am 09:09 AM
Node Version Manager (NVM) is a simple bash script that helps manage multiple Node.js versions on your Linux system. It enables you to install various Node.js versions, view available versions for installation, and check already installed versions.NV
