The certificate issued by Edx is signed by a gpg key so that it can be validated independently by anyone who has the IITBombayX public key. For independent verification IITBombayX uses what is called a "detached signature" meaning that the signature for the certificate is contained in a separate file with a ".sig" extension.
To complete the verification procedure you will need the following three files:
- The official IITBombayX public key.
- The IITBombayX certificate belonging to Sayali Suresh Kadam (you should already have this file).
- The signature file for Sayali Suresh Kadam's certificate
Ensure you have the pdf, the ".sig" signature file and the IITBombayX public key copied to a single directory before you begin.
Import the IITBombayX public key on OSX using GPG Keychain
Download and install gpgtools.
After installation, GPG Keychain Access will prompt for a new personal keypair.
Click the import icon to import the public key file IITBombayX, iitbombayx.pub.
CTRL-click the IITBombayX public key and select "sign" to validate it.
Confirm that the IITBombayX public key is listed in the GPG Keychain Access window and it has Short ID 044DA1D9.
Import the IITBombayX public key on Microsoft Windows using gpg4win
Download and install the full version of gpg4win.
After the installation is complete, launch Kleapatra from the start menu.
Create a new personal certificate if don't have one listed under "My Certificates".
Import the IITBombayX public key file, iitbombayx.pub for IITBombayX by clicking on the "Import Certificate" icon.
Certify the IITBombayX public key by highlighting the iitbombayx certificate and selecting "Certify Certificate" under the "Certificates" menu.
Make sure that the IITBombayX public key/certificate is listed under the "Trusted Certificates" tab and verify it has the Key-ID 044DA1D9.
When prompted, select "Create personal OpenPGP key pair."
Verify the IITBombayX certificate using gpg on both OSX and Windows
- Open up a new terminal on OSX or a command window on Windows
- Go into the directory where the .sig and .pdf files are located
- Run the following command to verify the fingerprint of the iitbombayx key
gpg --verify Certificate.pdf.sig Certificate.pdf