A python script to verify file signatures, using gpg as backend.

This is without all the complicated web-of-trust stuff, displays just whether the signature was correct, and a list of files where you have seen the same signature before.

More details in the README.


martin@bazaar:~$ subversion-1.1.3.tar.bz2.asc 
New key added to /home/martin/.sigcheck
Correct signature, history:
Never seen this signature before.
martin@bazaar:~/compile/kernel$ linux-2.4.28.tar.bz2.sign
Correct signature, history:
Kernel ftp archive (autosign on upload)
2005-01-19 File linux-2.4.28.tar.bz2
2004-06-26 File patch-2.6.7.bz2
2004-06-26 File patch-2.6.6.bz2
2004-06-26 File patch-2.6.5.bz2
2004-06-16 File patch-2.4.26.bz2
... 4 more entries
Here is an sample dot-sigcheck file. You don't need to copy this, yours will get created automatically.


sigcheck-0.2.tar.gz, sigcheck-0.2.tar.gz.sig

Freshmeat page

Similar Projects

keystory, with focus on emails.