I have successfully completed steps 1-4 in an attempt to verify the PGP signature of a downloaded TrueCrypt setup file. But I can't figure out how to complete step 5 using Seahorse.
Does anyone know how to verify the downloaded signature using seahorse? I downloaded the .sig
file to my desktop.
To verify a PGP signature, follow these steps:
- Create a private PGP key
- Download our PGP public key from our server.
- Sign the imported key with your private key to mark it as trusted.
- Download the digital signature
- Verify the downloaded signature
Best Answer
I do not think you can do all of the steps with Seahorse and the seahorse plugins do not seem to be maintained beyond 11.04.
Create a gpg key
Start seahorse , under the main menu New -> Create a new GPG key
Fill in the subsequent information and password
2) Download the PGP key from Truecrypt You can do this with any browser, save the file where you wish. For this tutorial I will use Downloads in your home directory.
http://www.truecrypt.org/downloads2
The file is called "TrueCrypt-Foundation-Public-Key.asc"
https://www.truecrypt.org/download/TrueCrypt-Foundation-Public-Key.asc
3) With seahorse, import and sign the key
In the seahorse menu -> File -> Import
Select the truecrypt key ( "TrueCrypt-Foundation-Public-Key.asc" )
Now sign the key as trusted
Under the "other" tab, select the truecrypt key and sign it as trusted
4) Download the truecrypt PGP signature from here, save it in Downloads
http://www.truecrypt.org/downloads
5) As far as I know, you can only verify the signature from the command line
Should yield
See also http://mindlev.wordpress.com/2009/09/07/verifying-the-truecrypt-installer-package-on-ubuntu/