This week's giveaway is in the JDBC forum.
We're giving away four copies of Java Database Connections & Transactions (e-book only) and have Marco Behler on-line!
See this thread for details.
Win a copy of Java Database Connections & Transactions (e-book only) this week in the JDBC forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Devaka Cooray
  • Knute Snortum
  • Paul Clapham
  • Tim Cooke
Sheriffs:
  • Liutauras Vilda
  • Jeanne Boyarsky
  • Bear Bibeault
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Ron McLeod
  • Piet Souris
  • Frits Walraven
Bartenders:
  • Ganesh Patekar
  • Tim Holloway
  • salvin francis

how to verify Tomcat's files with PGP  RSS feed

 
Ranch Hand
Posts: 31
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Anyone can help me with this?

I have the file, I have de associated .asc file. (and I downloaded and installe GnuPG for win). And now? I tried to solve it without success.
 
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I don't know what version you'd downloaded but...
Say it's Tomcat7.
In Tomcat7 download page, there's a link to the public key in "Release Integrity" section.
First you should do is to download the KEY file, and import it such like "gpg --import KEY.txt".
(Sorry, I'm not a Windows user. But things should happen almost the same, I hope.)
Maybe you find a warning such like "untrusted key" but it can be ignored.
Then verify it.
This is my result:

$ gpg --verify apache-tomcat-7.0.16.tar.gz.asc apache-tomcat-7.0.16.tar.gz
gpg: Signature made Sat Jun 11 19:52:32 2011 JST using RSA key ID 2F6059E7
gpg: Good signature from "Mark E D Thomas <markt@apache.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: A9C5 DF4D 22E9 9998 D987 5A51 10C0 1C5A 2F60 59E7


It says that the file was signed by "Mark E D Thomas <markt@apache.org>", and seemingly the file can be trusted.
 
Bartender
Posts: 20766
124
Android Eclipse IDE Java Linux Redhat Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Actually, IIRC that's an MD5 checksum, not an encryption.

Linux comes with a program named "md5sum". Windows doesn't - as far as I know. It's not the kind of thing that Windows typically includes. So for that platform, you'll have to find an md5 checking program on your own.
 
Wait for it ... wait .... wait .... NOW! Pafiffle! A perfect tiny ad!
how do I do my own kindle-like thing - without amazon
https://coderanch.com/t/711421/engineering/kindle-amazon
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!