如何解决验证文件时由未知实体做出的签名
func VerifyGPGSig(target,signature,signingKey string) error {
keyRingReader,err := os.Open(signingKey)
if err != nil {
return fmt.Errorf("Failed to open %s: %v",signingKey,err)
}
sig,err := os.Open(signature)
if err != nil {
return fmt.Errorf("Failed to open %s: %v",err)
}
t,err := os.Open(target)
if err != nil {
return fmt.Errorf("Failed to open %s: %v",target,err)
}
keyring,err := openpgp.ReadArmoredKeyRing(keyRingReader)
if err != nil {
return fmt.Errorf("Failed to read signing key: %v",err)
}
_,err = openpgp.CheckArmoredDetachedSignature(keyring,t,sig)
if err != nil && err == io.EOF {
// When the signature is binary instead of armored,the error is io.EOF.
// Let's try with binary signatures as well
_,err := openpgp.CheckDetachedSignature(keyring,sig)
if err != nil && err == io.EOF {
return fmt.Errorf("Failed to find valid signatures in the signature file: %v",err)
}
return fmt.Errorf("Failed to check signature: %v",err)
}
if err != nil {
return fmt.Errorf("Failed to check signature: %v",err)
}
return nil
}
Failed to check signature: openpgp: signature made by unkNown entity
从这里https://www.flatcar-linux.org/security/image-signing-key/Flatcar_Image_Signing_Key.asc
下载了GPG密钥我没有找到要添加到公钥PGP密钥的任何基元。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
