Verify For Your Self
You can Self verify a signed document in several ways.
To verify a document with detached signature follow these steps:
- Download the public key of the signing institution (e.g. MAA)
- Import the public key of the signing institution to your key ($gpg --import [path/to/downloaded/key]
- Download the detached signature for the certificate in question
- Download the certificate in question
- Perform verification ($gpg --verify [path/to/signature] [path/to/certificate])
To verify a document with a clear signed signature follow these steps:
- Download the public key of the signing institution e.g. MAA)
- Import the public key of the signing institution to your key ($ gpg --import [path/to/downloaded/key]
- Download the clear signed certificate
- Perform verification ($ gpg --verify [path/to/clear/signed/certificate]
---
- To the get the original certificate from the clear signed certificate
- Run $gpg -d -o original.txt [path/to/clear/signed/certificate]
- The idenity of the "original.txt" against the unsigned certificate
could be further confirmed by comparing the hashes of each file or using
the unix diff command ($ diff original.txt path/to/UNSIGNED/certificate)