verify cryptographic signature?

I can’t figure out how to verify the cryptographic signature of the install files for Gentoo. Please see the section entitled “Microsoft Windows based verification” in the official Gentoo link below:

https://wiki.gentoo.org/wiki/Handbook:AMD64/Installation/Media

Thank you!

Hi Jaunas,

if you like, you can use the cmd.exe and “gpg” just like shown on https://www.gentoo.org/downloads/signatures/ to fetch the pubkey of gentoo and the verify the foo.DIGESTS.asc file.

Then you need to compare the checksums in foo.DIGESTS.asc with the files.
You can use Gpg4win to do this, when in the Microsoft Explorer, use the context menu (right mouse button) to the GpgEX options and check the checksums.
Alternatively this can be done with the export GUI Kleopatra via files.

Best,
Bernhard

@Bernhard:

I figured it out yesterday, but for future reference, using gpg on Windows 10 Pro has to be done via Powershell and in the directory where files to be checked are located. This information is not listed anywhere, but users must know this in order to successfully utilized gpg as indicated in the instructions.

@Jaunas,

good to know that it worked for you!

Can you explain in more detail what you mean by using Powershell and the directory?
What was the difficulties you were experiencing?

Thanks,
Bernhard

What I’m referring to is users must use the Powershell application (if on Windows) and those users must cd (change directory) to the location of the files that gpg is to check in order for the program to successfully run. Otherwise, Powershell will display errors and the GPG application will not work properly.

Hi,
thanks for the feedback!

Are you saying that gpg --decrypt somepath\myfile.gpg
does not work?

(I hope that most people will use the Explorer extensions, so would never see the powershell. :wink: )

Best,
Bernhard