i always check qbittorrent using MD5, SHA-256, but i cant figure it out how this "new" pgp signature works.
i have install Kleopatra, check the files, but i get the massage “The data could not be verified.”
can someone please help me? thanks.
can't verify pgp signature. first time with this
Re: can't verify pgp signature. first time with this
SHA and PGP are two different things.
SHA is to verify integrity. Meaning, no one messed with the file, the uploaded program. And to make sure it's downloaded OK.
To verify SHA:
$ sha256sum qbittorrent_4.1.8_x64_setup.exe
62e5ea323a9e4d922d7919d9747ee6d598eb24546e896e2b4990e612e3b41b19 qbittorrent_4.1.8_x64_setup.exe
(to my best understanding, not a hardcore gpg user)
To verify GPG:
- Download the public key (top of the Download page). It's an .asc. Import it to gpg.
$ gpg --import 5B7CC9A2.asc
- Download the installer / tarball and the .asc for it. For example [qbittorrent_4.1.8_x64_setup.exe] [qbittorrent_4.1.8_x64_setup.exe.asc]
$ gpg --verify qbittorrent_4.1.8_x64_setup.exe.asc qbittorrent_4.1.8_x64_setup.exe
SHA is to verify integrity. Meaning, no one messed with the file, the uploaded program. And to make sure it's downloaded OK.
To verify SHA:
$ sha256sum qbittorrent_4.1.8_x64_setup.exe
62e5ea323a9e4d922d7919d9747ee6d598eb24546e896e2b4990e612e3b41b19 qbittorrent_4.1.8_x64_setup.exe
(to my best understanding, not a hardcore gpg user)
To verify GPG:
- Download the public key (top of the Download page). It's an .asc. Import it to gpg.
$ gpg --import 5B7CC9A2.asc
- Download the installer / tarball and the .asc for it. For example [qbittorrent_4.1.8_x64_setup.exe] [qbittorrent_4.1.8_x64_setup.exe.asc]
$ gpg --verify qbittorrent_4.1.8_x64_setup.exe.asc qbittorrent_4.1.8_x64_setup.exe