(mysql.info) checking-gpg-signature

 
 2.1.4.2 Signature Checking Using `GnuPG'
 ........................................
 
 Another method of verifying the integrity and authenticity of a package
 is to use cryptographic signatures. This is more reliable than using
 MD5 checksums, but requires more work.
 
 At MySQL AB, we sign MySQL downloadable packages with `GnuPG' (GNU
 Privacy Guard).  `GnuPG' is an Open Source alternative to the
 well-known Pretty Good Privacy (`PGP') by Phil Zimmermann. See
 `http://www.gnupg.org/' for more information about `GnuPG' and how to
 obtain and install it on your system. Most Linux distributions ship
 with `GnuPG' installed by default. For more information about `GnuPG',
 see `http://www.openpgp.org/'.
 
 To verify the signature for a specific package, you first need to
 obtain a copy of MySQL AB's public GPG build key, which you can
 download from `http://www.keyserver.net/'.  The key that you want to
 obtain is named `build@mysql.com'. Alternatively, you can cut and paste
 the key directly from the following text:
 
      Key ID:
      pub  1024D/5072E1F5 2003-02-03
           MySQL Package signing key (www.mysql.com) <build@mysql.com>
      Fingerprint: A4A9 4068 76FC BD3C 4567  70C8 8C71 8D3B 5072 E1F5
 
      Public Key (ASCII-armored):
 
 
 To import the build key into your personal public GPG keyring, use `gpg
 --import'. For example, if you have saved the key in a file named
 `mysql_pubkey.asc', the import command looks like this:
 
      shell> gpg --import mysql_pubkey.asc
 
 After you have downloaded and imported the public build key, download
 your desired MySQL package and the corresponding signature, which also
 is available from the download page. The signature file has the same
 name as the distribution file with an `.asc' extension. For example:
 
 Distribution file   `mysql-standard-5.0.19-linux-i686.tar.gz'
 Signature file      `mysql-standard-5.0.19-linux-i686.tar.gz.asc'
 
 Make sure that both files are stored in the same directory and then run
 the following command to verify the signature for the distribution file:
 
      shell> gpg --verify PACKAGE_NAME.asc
 
 Example:
 
      shell> gpg --verify mysql-standard-5.0.19-linux-i686.tar.gz.asc
      gpg: Signature made Tue 12 Jul 2005 23:35:41 EST using DSA key ID 5072E1F5
      gpg: Good signature from "MySQL Package signing key (www.mysql.com) <build@mysql.com>"
 
 The `Good signature' message indicates that the distribution file
 matches its signature, as checked against the build key you imported.
 You can ignore any `insecure memory' warning you might obtain.
 
 See the GPG documentation for more information on how to work with
 public keys.
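
 The `Good signature' line shows only the user ID of whichever imported key made the signature, so a scripted check should compare the signing key's fingerprint with the one listed above. The following is an added example, not part of the original manual: it parses the machine-readable output of `gpg --status-fd'; the function names and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Fingerprint of the MySQL build key as listed on this page, spaces removed.
PINNED_FPR="A4A9406876FCBD3C456770C88C718D3B5072E1F5"

# Read `gpg --status-fd` lines on stdin. Succeed only if a valid signature
# from the pinned key is reported and no failure status appears.
check_status() {
    awk -v want="$PINNED_FPR" '
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "EXPKEYSIG" ||
        $2 == "REVKEYSIG" || $2 == "NO_PUBKEY" { bad = 1 }
        # VALIDSIG: field 3 is the signing key fingerprint, the last
        # field is the primary key fingerprint.
        $2 == "VALIDSIG" && (toupper($3) == want || toupper($NF) == want) { ok = 1 }
        END { if (ok && !bad) exit 0; exit 1 }
    '
}

# $1 = distribution file; the signature is expected at "$1.asc".
# Example call: verify_pkg mysql-standard-5.0.19-linux-i686.tar.gz
verify_pkg() {
    gpg --status-fd 1 --verify "$1.asc" "$1" 2>/dev/null | check_status
}

# Constructed status output (not captured from a real run):
# a good signature made by the pinned build key.
sample_good() {
    echo "[GNUPG:] GOODSIG 8C718D3B5072E1F5 MySQL Package signing key (www.mysql.com) <build@mysql.com>"
    echo "[GNUPG:] VALIDSIG $PINNED_FPR 2005-07-12 1121225741 0 3 0 17 2 00 $PINNED_FPR"
}

# Constructed: a cryptographically good signature from a different imported
# key that carries the same user ID. gpg would still print "Good signature".
sample_other_key() {
    other="0123456789ABCDEF0123456789ABCDEF01234567"   # placeholder fingerprint
    echo "[GNUPG:] GOODSIG 89ABCDEF01234567 MySQL Package signing key (www.mysql.com) <build@mysql.com>"
    echo "[GNUPG:] VALIDSIG $other 2005-07-12 1121225741 0 3 0 17 2 00 $other"
}

# Constructed: the file does not match its signature.
sample_bad() {
    echo "[GNUPG:] BADSIG 8C718D3B5072E1F5 MySQL Package signing key (www.mysql.com) <build@mysql.com>"
}
```

 `verify_pkg' returns a nonzero exit status for a bad signature, a missing key, or a good signature made by any key other than the pinned one.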
 