Skip to content

Sign/Validate files with gpg

homepage-banner

Introduction

A digital signature certifies and timestamps a document, making it tamper-resistant. If the document is subsequently modified in any way, verification of the signature will fail. This provides the same level of assurance as a hand-written signature, with the added benefit of being tamper-resistant. Here we will use GnuPG to sign and verify files.

Usage Example

Creating a GPG keypair

gpg --full-generate-key

Editing a GPG key

gpg --edit-key your_email@address.com

Export the public key to share with others

gpg --export --armor --output my-gpg.pub

Import other users’ public keys

gpg --import name_of_pub_key_file
cat sample.txt 
Sample text for gpg signing

Make a signature

gpg -s sample.txt

file sample*
sample.txt:     ASCII text
sample.txt.gpg: data

Decrypt

gpg --decrypt sample.txt.gpg 

Make a detached signature

gpg -b sample.txt

file sample*
sample.txt:     ASCII text
sample.txt.gpg: data
sample.txt.sig: data

or add --armor option to make a ASCII signature

gpg --armor -b sample.txt

file sample*
sample.txt:     ASCII text
sample.txt.asc: PGP signature Signature (old)
sample.txt.gpg: data
sample.txt.sig: data

or add --clearsign option to make a clear signature

gpg --clear-sign sample.txt

cat sample.txt.asc

Verify a signature

gpg --verify sample.txt.sig sample.txt

List keys

gpg --list-keys
gpg --refresh-keys

Search keys

gpg --keyserver pgp.mit.edu --search-keys your_email@address.com

Check the fingerprint

gpg --fingerprint your_email@address.com

Conclusion

Signatures are an essential tool to ensure the authenticity and integrity of digital messages and files. GnuPG is a powerful and open-source tool that provides cryptographic privacy and authentication for data communication. By following the steps outlined in this post, you can create and verify signatures using GnuPG to secure your digital communications.

References

  • https://www.gnupg.org/gph/en/manual/x135.html
  • https://www.redhat.com/sysadmin/digital-signatures-gnupg
  • https://pgp.mit.edu/
Feedback







Disclaimer
  • Welcome to visit the knowledge base of SRE and DevOps!
  • License under CC BY-NC 4.0
  • Made with Material for MkDocs and improve writing by generative AI tools
  • Copyright issue feedback me#imzye.com, replace # with @