Reputation: 41
How making and verifying a signature with PGP using command line
I could not find any good example of signing and verifying a file using PGP, I hope the following example could be useful. I will use Bob and Alice to explain it.
1.Bob install Alice’s PGP Public key in his machine:
$ gpg --import <Key_Alice>-pub-sub.asc
2.Alice signs and encrypts a document (TestMessage.txt) using her PGP Private key :
$ gpg --output TestMessageSignedByAlice.txt -a --sign ./TestMessage.txt
--output : write output to FILE (TestMessageSignedByAlice.txt)
-a, --armor :output file should be in ascii format
--sign : document to sign and encrypt (TestMessage.txt)
The result is a document signed and encrypted (TestMessageSignedByAlice.txt) by Alice using her PGP private key.
3.Finally Bob verifies Alice’s signed document and decrypts document using Alice’s PGP Public Key. The original document content will be found in document TestMessageDecrypt.txt .
$ gpg --output TestMessageDecrypt.txt --decrypt ./TestMessageSignedByAlice.txt
--decrypt: file to verify signature and to decrypt (TestMessageSignedByAlice.txt)
--output : write output to FILE (TestMessageDecrypt.txt)
I used documentation from : https://www.gnupg.org/gph/en/manual/x135.html
Upvotes: 1
Views: 3158
Answers (1)
Reputation: 14160
It works in a bit different way:
- Alice uses her secret (private) key to sign a document, and Bob's public key to encrypt a document.
- Bob uses his secret (private) key to decrypt document, and then Alice's public key to verify signature.
Upvotes: 2
Related Questions
- How do I verify a gpg signature matches a public key file?
- How do you verify an encrypted and signed file with gpg?
- Can't check signature: public key not found
- How to verify GPG signature with OpenSSL
- Can't verify pgp signature
- Create pgp file with gpg from command line
- How to verify an OpenPGP signature on a public key?
- Verify gpg signature in Go openpgp
- Verifying a signature using go.crypto/openpgp
- verify gpg signature without installing key