Unable to 'gpg --verify' the installation file.

MAC OS X specific questions, problems.

Post by awanro »

Tried the following terminal command:

    awanros-MacBook-Pro:Downloads awanro$ gpg --verify qbittorrent-4.1.3.dmg.asc
    gpg: no signed data
    gpg: can't hash datafile: No data

It seems the installation file has not been signed by the developer.

Have gnupg2 installed via macports.

I downloaded the PGP Signature File.

I imported the developer's public key.

Tried this command to see the Signature File contents:

    awanros-MacBook-Pro:Downloads awanro$ cat qbittorrent-4.1.3.dmg.asc

    -----BEGIN PGP SIGNATURE-----
    iQIzBAABCAAdFiEE2PPad6rGdBBTWZwTbkotAlt8yaIFAluhfUEACgkQbkotAlt8
        ........etc        ........etc      ........etc    .......etc
    0FZFCcz8ljZe6K93fgUveqkBoh+QWhHSAzLpgrF7772cv4/u6DE=
    =M1W3
    -----END PGP SIGNATURE-----

What terminal commands do I use with this downloaded Signature File to verify the downloaded qBittorrent installation file?

Re: Unable to 'gpg --verify' the installation file.

Post by chrstphrchvz »

Where is the qbittorrent-4.1.3.dmg file you downloaded? If you don't specify where it is, and it's not in the same directory as the .asc signature file, then you will get the error:

    $ gpg --verify qbittorrent-4.1.3.dmg.asc
    gpg: no signed data
    gpg: can't hash datafile: No data

If both the .asc and .dmg were in the same directory, then your command would have worked:

    $ gpg --verify qbittorrent-4.1.3.dmg.asc
    gpg: assuming signed data in 'qbittorrent-4.1.3.dmg'
    gpg: Signature made Tue Sep 18 17:33:37 2018 CDT
    gpg:                using RSA key D8F3DA77AAC6741053599C136E4A2D025B7CC9A2
    gpg: Good signature from "sledgehammer_999 (Used for signing git commits/tags/etc) <[email protected]>" [unknown]
    gpg:                 aka "sledgehammer999 (Used for signing qBittorrent source tarballs and binaries v2.) <[email protected]>" [unknown]
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg:          There is no indication that the signature belongs to the owner.
    Primary key fingerprint: D8F3 DA77 AAC6 7410 5359  9C13 6E4A 2D02 5B7C C9A2

Notice that first line: assuming signed data in 'qbittorrent-4.1.3.dmg'. If it's not in the same directory, then you must specify exactly where you downloaded the qbittorrent dmg file to, i.e.

    gpg --verify some/path/foo/qbittorrent-4.1.3.dmg.asc some/path/bar/qbittorrent-4.1.3.dmg

This is all described in man gpg.
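
An added example, not part of the thread: a small wrapper that always passes both the signature and the signed file to gpg, then accepts the result only if gpg's machine-readable status reports a valid signature from the fingerprint shown in the output above. The function names `check_status` and `verify_detached` are hypothetical, and the sample status line used to exercise the parser is constructed.

```shell
#!/bin/sh
# Fingerprint copied from the gpg output quoted in the thread. Compare it
# against a copy obtained out of band before relying on it.
EXPECTED_FPR="D8F3DA77AAC6741053599C136E4A2D025B7CC9A2"

# check_status FPR
# Reads `gpg --status-fd` lines on stdin. Succeeds only if a VALIDSIG line
# names FPR as the signing key or the primary key, and no failure status
# (bad, unverifiable, expired-key or revoked-key signature) is present.
check_status() {
    # Accept the spaced form gpg prints ("D8F3 DA77 ...") as well.
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    awk -v want="$want" '
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        $2 == "VALIDSIG" && (toupper($3) == want || toupper($NF) == want) { ok = 1 }
        END { if (ok && !bad) exit 0; exit 1 }
    '
}

# verify_detached SIGFILE DATAFILE FPR
# Returns 0 on a valid signature from FPR, 1 on any verification failure,
# 2 if either file is missing (the "no signed data" case from the thread).
verify_detached() {
    sig=$1 data=$2 fpr=$3
    [ -f "$sig" ]  || { echo "missing signature file: $sig" >&2; return 2; }
    [ -f "$data" ] || { echo "missing signed file: $data" >&2; return 2; }
    # Status lines go to stdout for parsing; human-readable text is dropped.
    gpg --status-fd 1 --verify "$sig" "$data" 2>/dev/null | check_status "$fpr"
}

# Run only when called with: SIGFILE DATAFILE FPR
if [ "$#" -eq 3 ]; then
    if verify_detached "$1" "$2" "$3"; then
        echo "OK: valid signature from $3"
    else
        echo "FAILED: do not install $2" >&2
    fi
fi
```

A "Good signature" line alone only says that some imported key signed the file; pinning the fingerprint is what ties the result to the developer's key despite the "not certified with a trusted signature" warning.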