I’m trying to do GPG signature validation to Centos 7 RPM files that I have downloaded. They are validated during the first download, but I am trying to another validation after they have been transferred to a Windows computer.

I have downloaded the Gpg4win/gnuPG. Then saved the CentOS 7 Signing Key (to .sig. and .asc). I have even imported it to Kleopatra (just to be sure).

I can verify .exe file but RPM are not working. Is the gpg.exe the right tool for doing RPM package signature verification in Windows??

Commands that are not working: Im trying to execute command/exe (C:\Program Files (x86)\GnuPG\bin\gpg.exe)

gpg.exe --verify RPM_File.rpm
gpg.exe --verify sig_file.sig RPM_File.rpm

The end goal is to do PowerShell script that verifies all the files.

Edit:

So it seems that there is no Windows software to solve this issue, at least i can not find it. I started to entertain the idea of installing Windows Subsystem for Linux to the Windows host to gain access to bash and rpm. I don't know what kind usability it will be to call (even from PowerShell) rpm to do the signature validation.