Correction: Use the procedure described here: http://www.turbovnc.org/Downloads/DigitalSignatures
to verify the DEB signatures. Importing the key for debsig-verify is unfortunately more complicated than described below, so I had to write a script. On 8/14/15 6:31 PM, DRC wrote: > All of the TurboVNC binaries back to 1.2 have been digitally signed. > > > The RPMs and DEBs are signed using the following GPG key: > > http://www.TurboVNC.org/key/VGL-GPG-KEY > or > http://pgp.mit.edu/pks/lookup?op=get&search=0x6BBEFA1972FEB9CE > > > To verify the RPM package signatures: > > sudo rpm --import '{key URL}' > rpm --checksig {RPM file} > > > To verify the DEB package signatures: > > sudo mkdir /usr/share/debsig/keyrings/6BBEFA1972FEB9CE > wget '{key URL}' -O /tmp/VGL-GPG-KEY > sudo gpg --no-default-keyring --keyring > /usr/share/debsig/keyrings/6BBEFA1972FEB9CE/debsig.gpg --import > /tmp/VGL-GPG-KEY > sudo chmod 644 /usr/share/debsig/keyrings/6BBEFA1972FEB9CE/debsig.gpg > debsig-verify {DEB file} > > > To verify the Windows installer package signatures: > > Right-click on the .exe file and look at the "Digital Signatures" tab. > If you have the Windows SDK installed, you can also run > > signtool verify -pa {.exe file} ------------------------------------------------------------------------------ _______________________________________________ TurboVNC-Announce mailing list TurboVNC-Announce@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/turbovnc-announce