gpg校验文件

# cd /usr/ports/security/gnupg

# make install distclean

就可以在FreeBSD里安装好gnupg了。

测试：

# fetch http://apache.freelamp.com/httpd/binaries/win32/apache_2.2.14-win32-x86-openssl-0.9.8k.msi

# fetch http://www.apache.org/dist/httpd/binaries/win32/apache_2.2.14-win32-x86-openssl-0.9.8k.msi.asc

# gpg --verify apache_2.2.14-win32-x86-openssl-0.9.8k.msi.asc

gpg: Signature made Tue Sep 29 12:02:36 2009 CST using RSA key ID 7F7214A7
gpg: Can't check signature: No public key
这是没有导入公钥ID为7F7214A7的公钥造成的，所以要先导入公钥。
# gpg --recv-keys 7F7214A7

gpg: requesting key 7F7214A7 from hkp server keys.gnupg.net
gpg: key B55D9977: public key "William A. Rowe, Jr. < wrowe@rowe-clan.net >" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)

导入好后，再校验就可以了。

# gpg --verify apache_2.2.14-win32-x86-openssl-0.9.8k.msi.asc

gpg: Signature made Tue Sep 29 12:02:36 2009 CST using RSA key ID 7F7214A7
gpg: Good signature from "William A. Rowe, Jr. < wrowe@rowe-clan.net >"
gpg:                 aka "William A. Rowe, Jr. < wrowe@apache.org >"
gpg:                 aka "William A. Rowe, Jr. < william.rowe@springsource.com >"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: B1B9 6F45 DFBD CCF9 7401  9235 193F 180A B55D 9977
     Subkey fingerprint: 4962 0827 E32B C882 DC6B  EF54 A348 B984 7F72 14A7

 

有 “WARNING: This key is not certified with a trusted signature!” 这样的警告，意指这个 key 没有信任签名。
基本上你可以忽略这条信息。但如果你看着觉得不舒服，那就加上信任签名。当然了，首要前提是你确定这个 key 是绝对信得过的。

# gpg --edit-key 7F7214A7
gpg (GnuPG) 2.0.11; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

pub  4096R/B55D9977  created: 2008-04-09  expires: 2018-07-07  usage: SC 
                     trust: unknown       validity: unknown
sub  4096R/CB9B9EC5  created: 2008-04-09  expired: 2009-07-03  usage: S  
sub  4096R/C10FE28B  created: 2008-04-09  expired: 2009-07-03  usage: E  
sub  4096R/7F7214A7  created: 2009-07-09  expires: 2011-07-09  usage: S  
sub  4096R/7715D89C  created: 2009-07-09  expires: 2011-07-09  usage: E  
sub  4096g/FF1392F5  created: 2008-04-09  expired: 2009-07-03  usage: E  
sub  4096g/FCDC8C20  created: 2009-07-09  expires: 2011-07-09  usage: E  
[ unknown] (1). William A. Rowe, Jr. <wrowe@rowe-clan.net >
[ unknown] (2)  William A. Rowe, Jr. <wrowe@apache.org >
[ unknown] (3)  William A. Rowe, Jr. <william.rowe@springsource.com >

Command> trust
pub  4096R/B55D9977  created: 2008-04-09  expires: 2018-07-07  usage: SC 
                     trust: unknown       validity: unknown
sub  4096R/CB9B9EC5  created: 2008-04-09  expired: 2009-07-03  usage: S  
sub  4096R/C10FE28B  created: 2008-04-09  expired: 2009-07-03  usage: E  
sub  4096R/7F7214A7  created: 2009-07-09  expires: 2011-07-09  usage: S  
sub  4096R/7715D89C  created: 2009-07-09  expires: 2011-07-09  usage: E  
sub  4096g/FF1392F5  created: 2008-04-09  expired: 2009-07-03  usage: E  
sub  4096g/FCDC8C20  created: 2009-07-09  expires: 2011-07-09  usage: E  
[ unknown] (1). William A. Rowe, Jr. <wrowe@rowe-clan.net >
[ unknown] (2)  William A. Rowe, Jr. <wrowe@apache.org >
[ unknown] (3)  William A. Rowe, Jr. <william.rowe@springsource.com >

Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu

Your decision? 5 (选5才是绝对信任)
Do you really want to set this key to ultimate trust? (y/N) y

pub  4096R/B55D9977  created: 2008-04-09  expires: 2018-07-07  usage: SC 
                     trust: ultimate      validity: unknown
sub  4096R/CB9B9EC5  created: 2008-04-09  expired: 2009-07-03  usage: S  
sub  4096R/C10FE28B  created: 2008-04-09  expired: 2009-07-03  usage: E  
sub  4096R/7F7214A7  created: 2009-07-09  expires: 2011-07-09  usage: S  
sub  4096R/7715D89C  created: 2009-07-09  expires: 2011-07-09  usage: E  
sub  4096g/FF1392F5  created: 2008-04-09  expired: 2009-07-03  usage: E  
sub  4096g/FCDC8C20  created: 2009-07-09  expires: 2011-07-09  usage: E  
[ unknown] (1). William A. Rowe, Jr. <wrowe@rowe-clan.net >
[ unknown] (2)  William A. Rowe, Jr. <wrowe@apache.org >
[ unknown] (3)  William A. Rowe, Jr. <william.rowe@springsource.com >
Please note that the shown key validity is not necessarily correct
unless you restart the program.

Command> save
Key not changed so no update needed.
然后再校验一次。

# gpg --verify apache_2.2.14-win32-x86-openssl-0.9.8k.msi.asc

gpg: Signature made Tue Sep 29 12:02:36 2009 CST using RSA key ID 7F7214A7
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2018-07-07
gpg: Good signature from "William A. Rowe, Jr. <wrowe@rowe-clan.net >"
gpg:                 aka "William A. Rowe, Jr. <wrowe@apache.org >"
gpg:                 aka "William A. Rowe, Jr. <william.rowe@springsource.com >"

这次没警告信息了。