驗證 GPG 簽名
% gpg --keyserver-options auto-key-retrieve --verify archlinux-2025.02.01-x86_64.iso.sig archlinux-2025.02.01-x86_64.iso
gpg: Signature made 六 2/ 1 16:31:26 2025 CST
gpg: using EDDSA key 3E80CA1A8B89F69CBA57D98A76A5EF9054449A5C
gpg: issuer "pierre@archlinux.org"
gpg: Good signature from "Pierre Schmitz <pierre@archlinux.org>" [unknown]
gpg: aka "Pierre Schmitz <pierre@archlinux.de>" [unknown]
gpg: WARNING: The key's User ID is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 3E80 CA1A 8B89 F69C BA57 D98A 76A5 EF90 5444 9A5C
文件 archlinux-2025.02.01-x86_64.iso 的签名有效,並由與「Pierre Schmitz」相關的鑰匙創建。然而,GPG 警告您無法驗證該鑰匙確實屬於「Pierre Schmitz」,因為該鑰匙的用戶 ID 沒有獲取信任的签名。這意味著您應該謹慎行事,並考慮通過其他手段驗證該鑰匙,以確保文件的真實性。