EXAMPLE: First we import the key. We can list our keys to check and see if it is there (for those who may be paranoid). Below are the commands and the output from the gpg program.
Command:
gpg -import pmkey.asc
Output:
gpg: key 4812C85C: public key "Paul Michaels (January 2002) <pm@cgiss.boisestate.edu>" imported gpg: Total number processed: 1 gpg: imported: 1
Command:
gpg -list-keys
Output:
/home/pm/.gnupg/pubring.gpg --------------------------- pub 1024D/4812C85C 2002-02-01 uid Paul Michaels (January 2002) <pm@cgiss.boisestate.edu> sub 1024g/1430F4BF 2002-02-01
Next, we verify the signature embedded in the *.dsc or *.changes file.
Command:
gpg -verify bsu_3.0.1-1.dsc
Output:
gpg: Signature made Tue 13 Jun 2017 03:05:50 PM MDT using DSA key ID 4812C85C gpg: Good signature from "Paul Michaels (January 2002) <pm@cgiss.boisestate.edu>"
The warning results if you have not certified the signature with a level of trust. You can edit the key and change the trust, as well as sign it (assuming you have your own public and private key). But this is not necessary to check *.changes or *.dsc file (assuming you are confident of my key). If you obtained my key from some source other than my web page, you may wish to compare it with the listing below:
-----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.6 (GNU/Linux) mQGiBDxZ9GIRBADJ/p9510p5ubYWlhGZgMNJUEcP2rkMoA/jtxFqqaWERjvMKwW4 kbWytJ2VLlIhiFI0vUMtViHpppFz6TfDR+1qvIzBqxobieIuPxotCa1e+KDWpaCI Rb2+4ny2TlbZ3JBsK9rzMZkIVsUa7aCFbHmtLpBRwf2T97AEm3+lSQFBEwCgiWqC wc2tKBGeZ6rdmGWkbmUzdN8EAMnoXaW5lo+WhbitR40qQ5YwE0GwXMcD+/QhMjCv 353YPbnPzkhFokQ6dVkk3rTQBV5jg0p0YsjNVaWwQo7oNXLOLLhC2d+/mLPGjPH+ afgKGFmyXkxUuLHmht0JZsuiLfr8oOEBQyHwQC+y1Ccd94nEefTvQE8I8Sqy0kP/ 01ezA/9B/+Xy+L4mJvGGJ/cOOV4yzzR8BJ+koYhGVvNEq2I5jy67KhBpSPWxRPb5 dWu31WCnkzk6i9NUAx3QecvXLTR6AZMvw1TL8kGmCsG7vWWNB1Mg2P62AMARxbOl fPY5Y9tzDFXaNan6axTGMKOto/5RDfp5X9n08bfiUiFK0iVH6bQ2UGF1bCBNaWNo YWVscyAoSmFudWFyeSAyMDAyKSA8cG1AY2dpc3MuYm9pc2VzdGF0ZS5lZHU+iFcE ExECABcFAjxZ9GIFCwcKAwQDFQMCAxYCAQIXgAAKCRDdrrznSBLIXCYzAJ9XDNs+ /Ue7F/hFQdsM8Xb3K1EUsACeIbhzpowmmOAWkcW/H77fUg4O6G+5AQ0EPFn0dRAE AIBVO6W+vPZimewQeBIAaou+81RMGmBcMQ3fUjLdXUQubjOM4LYjS4WP+AtzIvuj 2GXMBkh0eOAiw0Icn9UD5Qv1ogBrRBmSGmP4XLtin6PgGdG9Ak6PQtb2ZKj5kGq3 8fG/OOtFSYHJuD8MPenL3mMQwSMtoFgMqpU3b/1ONVdDAAMFA/0WjVrD0vMw2O1R 4owGbsu9VdS5V3BDwssgVy1V7GZEB1iCJqKPf87wNYaZWQWuCx6SmVQe+XrP67MC Zbm8Pk8bFFaNa3aOXHfqB+kzXofiKfCNVdqy7jAyZrhN753pZlJYMvq/EnNa5qMm PrNak+/8XZMA1I76l9//ybQMwuK6gYhGBBgRAgAGBQI8WfR1AAoJEN2uvOdIEshc sToAni1CjyZvwbsYb0uVSkZuP4dEUAOkAJ9FIBzX2e/16FVW222yNKOl0shLRw== =zS6T -----END PGP PUBLIC KEY BLOCK-----
pm 2018-04-08