Screen Version
School of Computer Science & Engineering
University of New South Wales

 Advanced Operating Systems 
 COMP9242 2007/S2 

Final Exam

GPG Signing Example

Here is an example of how to use GPG to digitally sign a file. It shows how I sign a PDF file, and verify the signature. If you import my key you should be able to verify it yourself.

I have a copy of the file paper_howto.pdf in my present working directory. Here is how I sign it, and verify the signature:

: freycinet ~/tmp; gpg -sa paper_howto.pdf
 
You need a passphrase to unlock the secret key for
user: "Gernot Heiser <gernot@acm.org>"
1024-bit DSA key, ID E6BFA593, created 2004-04-04
 
: freycinet ~/tmp; ls -l paper_howto.*
-rw-rw-r--  1 gernot gernot 109064 Nov  1 15:44 paper_howto.pdf
-rw-rw-r--  1 gernot gernot  81341 Nov  1 16:14 paper_howto.pdf.asc
: freycinet ~/tmp; gpg paper_howto.pdf.asc
File `paper_howto.pdf' exists. Overwrite (y/N)?
Enter new filename: test.pdf
gpg: Signature made Mon 01 Nov 2004 16:14:20 EST using DSA key ID E6BFA593
gpg: Good signature from "Gernot Heiser <gernot@acm.org>"
gpg:                 aka "Gernot Heiser <gernot@unsw.edu.au>"
gpg:                 aka "Gernot Heiser <gernot@computer.org>"
gpg:                 aka "Gernot Heiser <gernot@nicta.com.au>"
gpg:                 aka "Gernot Heiser <gernot@mungi.org>"
gpg:                 aka "Gernot Heiser <Gernot.Heiser@nicta.com.au>"
gpg:                 aka "Gernot Heiser <G.Heiser@unsw.edu.au>"
gpg:                 aka "Gernot Heiser <gernot@cse.unsw.edu.au>"
gpg:                 aka "Gernot Heiser <gernot@ieee.org>"
gpg:                 aka "[jpeg image of size 2647]"
: freycinet ~/tmp; diff paper_howto.pdf test.pdf
: freycinet ~/tmp;

Once you have set up your GPG keys, you can import mine, for example by fetching my public key file that is linked from my home page, and running GPG on it:

: freycinet ~/tmp; wget http://gernot-heiser.org/gpg.asc
--16:21:33--  http://www.cse.unsw.edu.au/%7Egernot/gpg.asc
           => `gpg.asc'
Resolving localhost... 127.0.0.1
Connecting to localhost[127.0.0.1]:3128... connected.
Proxy request sent, awaiting response... 200 OK
Length: 6,918 [text/plain]
 
100%[====================================>] 6,918         --.--K/s
 
16:21:34 (83.51 MB/s) - `gpg.asc' saved [6918/6918]
 
: freycinet ~/tmp; gpg gpg.asc
pub  1024D/E6BFA593 2004-04-04 Gernot Heiser <gernot@unsw.edu.au>
uid                            Gernot Heiser <gernot@computer.org>
uid                            Gernot Heiser <gernot@nicta.com.au>
uid                            Gernot Heiser <gernot@mungi.org>
uid                            Gernot Heiser <Gernot.Heiser@nicta.com.au>
uid                            Gernot Heiser <G.Heiser@unsw.edu.au>
uid                            Gernot Heiser <gernot@cse.unsw.edu.au>
uid                            Gernot Heiser <gernot@ieee.org>
uid                            Gernot Heiser <gernot@acm.org>
uid                            [jpeg image of size 2647]
sub  2048g/3A970019 2004-04-04  [expires: 2007-04-04]
: freycinet ~/tmp;

If you do this, GPG will tell you that the file contains new keys and may (depending on option settings) ask you before adding them to your public key ring. After that, you should be able to validate the signature on the file I signed above.


Last modified: 26 Apr 2009.