How do I verify the PGP downloaded signature of the TrueCrypt setup file with Seahorse?

I do not think you can do all of the steps with Seahorse and the seahorse plugins do not seem to be maintained beyond 11.04.

Create a gpg key

Start seahorse , under the main menu New -> Create a new GPG key

New gpg key

Fill in the subsequent information and password

Infopasswd

2) Download the PGP key from Truecrypt You can do this with any browser, save the file where you wish. For this tutorial I will use Downloads in your home directory.

http://www.truecrypt.org/downloads2

The file is called "TrueCrypt-Foundation-Public-Key.asc"

https://www.truecrypt.org/download/TrueCrypt-Foundation-Public-Key.asc

3) With seahorse, import and sign the key

In the seahorse menu -> File -> Import

Select the truecrypt key ( "TrueCrypt-Foundation-Public-Key.asc" )

Now sign the key as trusted

Under the "other" tab, select the truecrypt key and sign it as trusted

Trust 1

Trust 2

Trust 3

4) Download the truecrypt PGP signature from here, save it in Downloads

http://www.truecrypt.org/downloads

5) As far as I know, you can only verify the signature from the command line

cd ~/Desktop
~/Desktop$ gpg truecrypt-7.1a-linux-x86.tar.gz.sig --verify truecrypt-6.2a-ubuntu-x86.tar.gz

Should yield

gpg: Good signature from "TrueCrypt Foundation "

See also http://mindlev.wordpress.com/2009/09/07/verifying-the-truecrypt-installer-package-on-ubuntu/


Simply typing (in a shell in the directory where both files are)

gpg --verify TrueCrypt.sig TrueCrypt-ProgramFile

will give the same results without having to create any thing on your side. At least this worked from my experience. This tutorial did help though. :)

Also, if you just type the first part of the file name like True in this case you can hit the Tab key and it will auto-complete. :D