- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How do you use the .sig files provided for download alongside the archives?
I would have expected these to work with GPG as usual but this does not seem to be the case.
What I tried:
curl -JLO https://apt.repos.intel.com/intel-gpg-keys/GPG-PUB-KEY-INTEL-SW-PRODUCTS.PUB
gpg --import GPG-PUB-KEY-INTEL-SW-PRODUCTS.PUB
gpg --verify sde-external-9.33.0-2024-01-07-lin.tar.xz.sig sde-external-9.33.0-2024-01-07-lin.tar.xz
This gives me the following error:
```
gpg: no valid OpenPGP data found.
gpg: the signature could not be verified.
Please remember that the signature file (.sig or .asc)
should be the first file given on the command line.
```
Checking with `file sde-external-9.33.0-2024-01-07-lin.tar.xz.sig` gives:
```
sde-external-9.33.0-2024-01-07-lin.tar.xz.sig: DER Encoded PKCS#7 Signed Data
```
Does the .sig file need to be processed with OpenSSL or some other program? Can someone give a concrete example of how to verify the archives?
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the response.
I tried the command you specified (openssl cms -verify ...) but that gives a different error message:
```
CMS Verification failure
40F7367FEC7F0000:error:17000064:CMS routines:cms_signerinfo_verify_cert:certificate verify error:../crypto/cms/cms_smime.c:289:Verify error: unsuitable certificate purpose
```

- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page