Tried the following terminal command:
awanros-MacBook-Pro:Downloads awanro$ gpg --verify qbittorrent-4.1.3.dmg.asc
gpg: no signed data
gpg: can't hash datafile: No data
It seems the installation file has not been signed by the developer.
Have gnupg2 installed via macports.
I downloaded the PGP Signature File.
I imported the developer's public key.
Tried this command to see the Signature File contents:
awanros-MacBook-Pro:Downloads awanro$ cat qbittorrent-4.1.3.dmg.asc
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEE2PPad6rGdBBTWZwTbkotAlt8yaIFAluhfUEACgkQbkotAlt8
........etc ........etc ........etc .......etc
0FZFCcz8ljZe6K93fgUveqkBoh+QWhHSAzLpgrF7772cv4/u6DE=
=M1W3
-----END PGP SIGNATURE-----
What terminal commands do I use with this downloaded Signature File to verify the downloaded qBittorrent installation file?
Unable to 'gpg --verify' the installation file.
Re: Unable to 'gpg --verify' the installation file.
Where is the qbittorrent-4.1.3.dmg file you downloaded? If you don't specify where it is, and it's not in the same directory as the .asc signature file, then you will get the error:
If both the .asc and .dmg were in the same directory, then your command would have worked:
Notice that first line: assuming signed data in 'qbittorrent-4.1.3.dmg'. If it's not in the same directory, then you must specify exactly where you downloaded the qbittorrent dmg file to, i.e. gpg --verify some/path/foo/qbittorrent-4.1.3.dmg.asc some/path/bar/qbittorrent-4.1.3.dmg
This is all described in man gpg.
Code: Select all
$ gpg --verify qbittorrent-4.1.3.dmg.asc
gpg: no signed data
gpg: can't hash datafile: No data
Code: Select all
$ gpg --verify qbittorrent-4.1.3.dmg.asc
gpg: assuming signed data in 'qbittorrent-4.1.3.dmg'
gpg: Signature made Tue Sep 18 17:33:37 2018 CDT
gpg: using RSA key D8F3DA77AAC6741053599C136E4A2D025B7CC9A2
gpg: Good signature from "sledgehammer_999 (Used for signing git commits/tags/etc) <[email protected]>" [unknown]
gpg: aka "sledgehammer999 (Used for signing qBittorrent source tarballs and binaries v2.) <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: D8F3 DA77 AAC6 7410 5359 9C13 6E4A 2D02 5B7C C9A2
This is all described in man gpg.