7

I'm trying to verify the signatures of sha256sums.gpg and sha256sums with the following commands in Terminal (using a Mac):

$ gpg --verify SHA256SUMS.gpg SHA256SUMS

Instead, I get this answer...! :-(

unknown:~ username$ gpg --verify SHA256SUMS.gpg SHA256SUMS
-bash: gpg: command not found
unknown:~ username$

What did I do wrong...?

MattDMo
  • 5,409

3 Answers

6

Looks like the gpg command is not found. Do you have GnuPG installed?

I would recommend you install the GPGTools Suite.

It provides the gpg command, but also GPG integration for Apple Mail and related graphical utilities. This may be more than you need or want.


You could also install GnuPG with Homebrew:

$ brew install gnupg

Homebrew is a package manager for macOS, similar to, for example, yum or apt in different Linux distributions. You may prefer this if you are already using Homebrew or are planning to use it to install more (command line) tools in the future.


If you just want to verify the checksum (not the signature), you can use

shasum -a 256 <filename>

without installing anything.

ischeriad
  • 1,100
3

$ brew install gnupg

then

$ gpg --verify key file

0

You should have shasum available on a Mac already. If you download a 256 sum, you can do

shasum -a 256 filetoverify.tgz > 256.txt

then compare this to your downloaded sum file

diff 256.txt downloaded256sumfile

You might see a complaint about

\ No newline at end of file

barclay
  • 173
  • 1
  • 1
  • 6