-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hello,
And I forgot the important bit where you have to download the asc file for the zip you are checking (d'oh). The new stage 3 below. 1) Download the taverna key file from https://dist.apache.org/repos/dist/release/incubator/taverna/KEYS 2) Import the key file into GPG: gpg --import keys.txt 3) Download the asc file eg https://dist.apache.org/repos/dist/dev/incubator/taverna/source/taverna- parent-2-incubating-RC5/apache-taverna-parent-2-incubating-source-releas e.zip.asc 4) Verify the file: gpg --verify '.\apache-taverna-parent-2-incubating-source-release.zip.asc' '.\apache-taverna-language-0.15.1-incubating-source-release.zip' Cheers, Ian (sorry for the confusion) On 29/02/2016 13:57, Ian Dunlop wrote: > Hello, > > The irony of GPG trashing the commands! I'll try again (and then > give up, I'm sure you are all smart enough to figure it out): > > CertUtil -hashfile > 'apache-taverna-parent-2-incubating-source-release.zip' SHA512 > > CertUtil -hashfile > 'apache-taverna-parent-2-incubating-source-release.zip' MD5 > > CertUtil -hashfile > 'apache-taverna-parent-2-incubating-source-release.zi p' > > Cheers, > > Ian > > On 29/02/2016 13:44, Ian Dunlop wrote: >> Hello, > >> Some handy code for those using windows and powershell to check >> releases . To generate checksums use CertUtil command: SHA512: >> "CertUtil -hashfile >> 'apache-taverna-parent-2-incubating-source-release.zip' SHA512" >> MD5: "CertUtil -hashfile >> 'apache-taverna-parent-2-incubating-source-release.zip' MD5" >> SHA1 (the default for CertUtil): "CertUtil -hashfile >> 'apache-taverna-parent-2-incubating-source-release.zip'" > >> To check the key used to sign the artifacts: > >> 1) Download the taverna key file from >> https://dist.apache.org/repos/dist/release/incubator/taverna/KEYS >> 2) Import the key file into GPG: gpg --import keys.txt 3) >> Verify the file: gpg --verify >> '.\apache-taverna-language-0.15.1-incubating-source-release.zip' > >> See https://httpd.apache.org/dev/verification.html for some >> general verification info. > >> Cheers, > >> Ian > > - -- Ian Dunlop, eScience Lab School of Computer Science The University of Manchester http://orcid.org/0000-0001-7066-3350 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJW1FbVAAoJEPK45GBX+Cy5jL0IAJWY9DKalK4VSCUMkToTd8Qr bbDo2i0xbw1gn3NQjkbKgKZoiFW+TrF5rNWJHJ0n7aODgUnUeK2w8jP1LBIpcnkl 41g4bktbhXn7EgUGCKaIRySIm3W/828XqALzJxJfGgyX8fe/iK5d/gpVxaRkPO3H Bfe1QAyfxL+Dtj0n03z5VhjTHzjVhiM6LYOJWn/LBfsnSF4ub1/wdVx/1B2Ikave kuQytL107juQIVzG4t/IgKRpR5RkUNlWEx8xMiBENz0IU9uZPYOye47bIQnbjO2U L4P/9T5LdIhX3oMyKPYI6vRuaPlOvtC6wXff8Z5dKp27Iuu8kQECWZD7OUsyIps= =gWjg -----END PGP SIGNATURE-----
