[an error occurred while processing this directive]
Here is an example of how to use GPG to digitally sign a file. It shows how I sign a PDF file, and verify the signature. If you import my key you should be able to verify it yourself.
I have a copy of the file paper_howto.pdf in my present working directory. Here is how I sign it, and verify the signature:
: freycinet ~/tmp; gpg -sa paper_howto.pdf You need a passphrase to unlock the secret key for user: "Gernot Heiser <gernot@acm.org>" 1024-bit DSA key, ID E6BFA593, created 2004-04-04 : freycinet ~/tmp; ls -l paper_howto.* -rw-rw-r-- 1 gernot gernot 109064 Nov 1 15:44 paper_howto.pdf -rw-rw-r-- 1 gernot gernot 81341 Nov 1 16:14 paper_howto.pdf.asc : freycinet ~/tmp; gpg paper_howto.pdf.asc File `paper_howto.pdf' exists. Overwrite (y/N)? Enter new filename: test.pdf gpg: Signature made Mon 01 Nov 2004 16:14:20 EST using DSA key ID E6BFA593 gpg: Good signature from "Gernot Heiser <gernot@acm.org>" gpg: aka "Gernot Heiser <gernot@unsw.edu.au>" gpg: aka "Gernot Heiser <gernot@computer.org>" gpg: aka "Gernot Heiser <gernot@nicta.com.au>" gpg: aka "Gernot Heiser <gernot@mungi.org>" gpg: aka "Gernot Heiser <Gernot.Heiser@nicta.com.au>" gpg: aka "Gernot Heiser <G.Heiser@unsw.edu.au>" gpg: aka "Gernot Heiser <gernot@cse.unsw.edu.au>" gpg: aka "Gernot Heiser <gernot@ieee.org>" gpg: aka "[jpeg image of size 2647]" : freycinet ~/tmp; diff paper_howto.pdf test.pdf : freycinet ~/tmp;
Once you have set up your GPG keys, you can import mine, for example by fetching my public key file that is linked from my home page, and running GPG on it:
: freycinet ~/tmp; wget http://gernot-heiser.org/gpg.asc --16:21:33-- http://www.cse.unsw.edu.au/%7Egernot/gpg.asc => `gpg.asc' Resolving localhost... 127.0.0.1 Connecting to localhost[127.0.0.1]:3128... connected. Proxy request sent, awaiting response... 200 OK Length: 6,918 [text/plain] 100%[====================================>] 6,918 --.--K/s 16:21:34 (83.51 MB/s) - `gpg.asc' saved [6918/6918] : freycinet ~/tmp; gpg gpg.asc pub 1024D/E6BFA593 2004-04-04 Gernot Heiser <gernot@unsw.edu.au> uid Gernot Heiser <gernot@computer.org> uid Gernot Heiser <gernot@nicta.com.au> uid Gernot Heiser <gernot@mungi.org> uid Gernot Heiser <Gernot.Heiser@nicta.com.au> uid Gernot Heiser <G.Heiser@unsw.edu.au> uid Gernot Heiser <gernot@cse.unsw.edu.au> uid Gernot Heiser <gernot@ieee.org> uid Gernot Heiser <gernot@acm.org> uid [jpeg image of size 2647] sub 2048g/3A970019 2004-04-04 [expires: 2007-04-04] : freycinet ~/tmp;
If you do this, GPG will tell you that the file contains new keys and may (depending on option settings) ask you before adding them to your public key ring. After that, you should be able to validate the signature on the file I signed above.