Specify the bundle on the GPG command line, to block an easy attack
Robert Ransom commited on 2012-02-02 05:25:38
Zeige 1 geänderte Dateien mit 2 Einfügungen und 2 Löschungen.
Otherwise, They can put a message with an attached signature in the .asc file, and GPG will call it good.
- docs/en/verifying-signatures.wml 4b96d4828..4ed4d23a4
| ... | ... |
@@ -97,7 +97,7 @@ |
| 97 | 97 |
to download the ".asc" file as well. Assuming you downloaded the |
| 98 | 98 |
package and its signature to your Desktop, run:</p> |
| 99 | 99 |
|
| 100 |
- <pre>C:\Program Files\Gnu\GnuPg\gpg.exe --verify C:\Users\Alice\Desktop\<file-win32-bundle-stable>.asc</pre> |
|
| 100 |
+ <pre>C:\Program Files\Gnu\GnuPg\gpg.exe --verify C:\Users\Alice\Desktop\<file-win32-bundle-stable>.asc C:\Users\Alice\Desktop\<file-win32-bundle-stable></pre> |
|
| 101 | 101 |
|
| 102 | 102 |
<p>The output should say "Good signature": </p> |
| 103 | 103 |
|
| ... | ... |
@@ -153,7 +153,7 @@ |
| 153 | 153 |
to download the ".asc" file as well. Assuming you downloaded the |
| 154 | 154 |
package and its signature to your Desktop, run:</p> |
| 155 | 155 |
|
| 156 |
- <pre>gpg --verify /Users/Alice/<file-osx-x86-bundle-stable>.asc</pre> |
|
| 156 |
+ <pre>gpg --verify /Users/Alice/<file-osx-x86-bundle-stable>{.asc,}</pre>
|
|
| 157 | 157 |
|
| 158 | 158 |
<p>The output should say "Good signature": </p> |
| 159 | 159 |
|
| 160 | 160 |