PGP Verify
Verify a detached PGP signature against the original file using a public key.
About PGP Verify
PGP Verify checks a detached signature against the original file using the signer's public key, telling you whether the file is authentic and untouched. Use it before trusting a download, release, or message that came with a .sig or .asc signature. The check runs entirely in your browser — nothing is uploaded.
- Category
- privacy
- Input
- Accepts: */*.
- Output
- Outputs: application/json.
- Cost
- Free, runs in your browser
- Memory
- medium
Common uses
- Confirm a downloaded software release matches its published detached signature before installing
- Verify that an advisory or statement really came from the organization that claims to have signed it
- Check the integrity of a file pulled from a mirror you don't fully trust
- Validate a signed manifest in a build pipeline before acting on its contents
- Confirm a colleague's signed document hasn't been altered since they signed it
- Audit a signature against a known public key to detect tampering or impersonation
Frequently asked questions
What do I need to verify a signature?
Three things: the original file, the detached signature, and the signer's public key. The tool reports whether they match.
What does the result tell me?
It returns a JSON result indicating whether the signature is valid for that file and key — confirming both authenticity and that the file is unmodified.
Does verifying upload my file anywhere?
No. Verification is computed locally in your browser, so the file, signature, and key stay on your device.
What if verification fails?
A failure means the file was altered, the signature doesn't correspond to it, or the public key doesn't match the signer. Treat the file as untrusted.
Does this work with GnuPG-created signatures?
Yes. It follows the OpenPGP standard, so detached signatures produced by GnuPG and other compliant tools verify here.
Keywords
- pgp
- gpg
- verify
- signature
- openpgp
- public-key
- authenticity