gpg: key F6F1BF7F72991603 marked as ultimately trusted gpg: directory '/Users/jun/.gnupg/openpgp-revocs.d' created gpg: revocation certificate stored as '/Users/jun/.gnupg/openpgp-revocs.d/EDAF59E6A99B74AF7F57F590F6F1BF7F72991603.rev' public and secret key created and signed.
jun@zhangjunshengdeMacBook-Pro Desktop % gpg --keyserver hkp://keys.gnupg.net --recv-key CBAF69F173A0FEA4B537F470D66C9593118BCCB6 gpg: key D66C9593118BCCB6: public key "Christoph M. Becker <[email protected]>" imported gpg: Total number processed: 1 gpg: imported: 1
3.验证
1 2 3 4 5 6 7 8
jun@zhangjunshengdeMacBook-Pro Desktop % gpg --verify php-7.3.6.tar.gz.asc php-7.3.6.tar.gz gpg: Signature made Tue May 28 17:45:55 2019 CST gpg: using RSA key CBAF69F173A0FEA4B537F470D66C9593118BCCB6 gpg: issuer "[email protected]" gpg: Good signature from "Christoph M. Becker <[email protected]>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: CBAF 69F1 73A0 FEA4 B537 F470 D66C 9593 118B CCB6
Good signature表示签名和软件包是匹配的,签名验证成功,但是WARNING提示该密钥未通过可信签名认证,那么本地认证该key即可: