从 putty.org 下载:
master-2021.asc putty-0.76.tar.gz putty-0.76.tar.gz.gpg release-2021.asc
打开的终端
gpg --import master-2021.asc
输出:
gpg: key DD4355EAAC1119DE: 4 signatures not checked due to missing keys
gpg: key DD4355EAAC1119DE: public key "PuTTY Master Key <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: no ultimately trusted keys found
不确定这是什么意思:
4 signatures not checked due to missing keys
但我使用下一个推荐:
gpg --import release-2021.asc
输出:
gpg: key E4F83EA2AA4915EC: public key "PuTTY Releases <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: no ultimately trusted keys found
然后我尝试验证:
gpg --verify putty-0.76.tar.gz.gpg putty-0.76.tar.gz
输出:
gpg: Signature made Sat 17 Jul 2021 12:32:18 CEST
gpg: using RSA key E27394ACA3F9D9049522E0546289A25F4AE8DA82
gpg: Can't check signature: No public key
我究竟做错了什么?
答案1
我发现我错了;PuTTY.org 上发布的最新公钥不是他们用来签署我下载的文件的公钥。我需要该文件的旧公钥(2018 年的),该公钥也发布在他们的网站上。
花了我一整天的时间。但最终我理解了所有的 gpg 语法/选项/命令和组合(或者至少是其中的大部分)
GPG 太棒了!!