I have downloaded the postfix from the postfix.org site.There is a file called postfix-2.2.0.tar.gz.sig i know that it contains the signature for the file against which i have to check postfix-2.2.0.tar.gz. If the signature matches means there is no problem in the downloaded file.
But I don't know how to check the signatures.
$ gpg --verify postfix-2.2.0.tar.gz.sig postfix-2.2.0.tar.gz
Morever sometimes rpm files also have signature checking please tell me the procedure for checking those downloaded files also means if I have downloaded a software there is also a signature file with that software how do i check that downloaded software against the signature file.
$ rpm --checksig some.rpm
You need to have already imported the GPG public key of whoever signed the package first though.
Paul.
