Hi,
user@ubuntu:~$ gpg --import id_public_key.asc gpg: key 79A9F115: "Immunity Debugger (Immunity Debugger Sign Key) immunitydebugger@immunityinc.com" not changed gpg: key 54BF70F2: "Immunity Debugger (Immunity Inc.) immunitydebugger@immunityinc.com" not changed gpg: Total number processed: 2 gpg: unchanged: 2
user@ubuntu:~$ gpg --verify ImmunityDebugger_1_80_setup.exe.sig ImmunityDebugger_1_80_setup.exe gpg: Signature made Tuesday 07 December 2010 03:07:31 AM IST using DSA key ID 54BF70F2 gpg: Good signature from "Immunity Debugger (Immunity Inc.) immunitydebugger@immunityinc.com" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 6E32 9351 3A61 5274 6FBF 8273 ABCA 792D 54BF 70F2
user@ubuntu:~$
Is this the proper way of checking the integrity of application with .sig and public key files?
Sorry if it sounds a silly question, but this is the first time I'm dealing with .sig file instead of md5/sha1 hashes.