从 putty.org 下载:
master-2021.asc putty-0.76.tar.gz putty-0.76.tar.gz.gpg release-2021.asc
打开终端
gpg --import master-2021.asc
输出:
gpg: key DD4355EAAC1119DE: 4 signatures not checked due to missing keys
gpg: key DD4355EAAC1119DE: public key "PuTTY Master Key <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: no ultimately trusted keys found
不知道这意味着什么:
4 signatures not checked due to missing keys
但我使用下一个推荐:
gpg --import release-2021.asc
输出:
gpg: key E4F83EA2AA4915EC: public key "PuTTY Releases <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: no ultimately trusted keys found
然后我尝试验证:
gpg --verify putty-0.76.tar.gz.gpg putty-0.76.tar.gz
输出:
gpg: Signature made Sat 17 Jul 2021 12:32:18 CEST
gpg: using RSA key E27394ACA3F9D9049522E0546289A25F4AE8DA82
gpg: Can't check signature: No public key
我究竟做错了什么?
发现我错了;PuTTY.org 上发布的最新公钥不是他们用来签署我下载的文件的公钥。我需要该文件的旧公钥(从 2018 年开始),该文件也发布在他们的网站上。
花了我一整天。但终于明白了所有的gpg语法/选项/命令和组合(或至少大部分)
GPG 太棒了!!