6,534
edits
Changes
Filled in →Checking files
== Checking files ==
Some files (e.g. precreated OS templates) are also signed by the GPG key. Unlike RPMS, they do not contain the signature inside the file, but rather there is a separate small <tt>.asc</tt> file available.
== Importing the public key ==
First, you need to import OpenVZ public key to your GnuPG keychain. You can either import a local file, or search for the key on one of the public keyservers.
Local file:
<pre>
$ gpg --import RPM-GPG-Key-OpenVZ
</pre>
From the default keyserver:
<pre>
[kir@kir ~]$ gpg --search-keys OpenVZ
gpg: searching for "OpenVZ" from hkp server subkeys.pgp.net
(1) OpenVZ Project <security@openvz.org>
1024 bit DSA key A7A1D4B6, created: 2005-09-14
Keys 1-1 of 1 for "OpenVZ". Enter number(s), N)ext, or Q)uit > 1
gpg: requesting key A7A1D4B6 from hkp server subkeys.pgp.net
...
</pre>
From the pgp.mit.edu keyserver:
<pre>
$ gpg --keyserver pgp.mit.edu --search-keys OpenVZ
gpg: searching for "OpenVZ" from hkp server pgp.mit.edu
(1) OpenVZ Project <security@openvz.org>
1024 bit DSA key A7A1D4B6, created: 2005-09-14
Enter number(s), N)ext, or Q)uit > 1
gpg: requesting key A7A1D4B6 from hkp server pgp.mit.edu
</pre>
== Checking the signature ==
To check the signature, you need to have both the main file (e.g. the template tarball) and the signature file (the one which ends in <tt>.asc</tt>. Assuming you want to check the signature of <tt>centos-4-i386-default.tar.gz</tt> file:
<pre>
$ gpg --verify centos-4-i386-default.tar.gz.asc
</pre>
You should see something like this:
<pre>
gpg: Signature made Wed Dec 14 19:13:53 2005 MSK using DSA key ID A7A1D4B6
gpg: Good signature from "OpenVZ Project <security@openvz.org>"
</pre>
[[Category: Infrastructure]]
[[Category: Security]]
