Verify MongoDB for VSCode Plugin验证MongoDB的VSCode插件

Download the VS Code Extension signature file下载VS Code扩展签名文件

Go to the MongoDB VS Code Releases page and download the .sig file for your version of VS Code Extension.转到MongoDB VS Code发布页面，下载您版本的VS Code扩展的.sig文件。

Import the VS Code Extension public key导入VS Code扩展公钥

curl https://pgp.mongodb.com/mongodb-vscode.asc | gpg --import

If the key imports successfully, the command returns:如果键导入成功，则命令返回：

gpg: key A8130EC3F9F5F923: public key "MongoDB VS Code Signing Key <vscode@mongodb.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1

If you have previously imported the key, the command returns:如果您之前已导入键，则命令返回：

gpg: key A8130EC3F9F5F923: public key "MongoDB VS Code Signing Key <vscode@mongodb.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

Verify the plugin验证插件

gpg --verify <path_to_signature_file> <path_to_plugin_vsix_file>

If the plugin is signed by MongoDB, the command returns:如果插件由MongoDB签名，则命令返回：

gpg: Signature made Mon Jan  8 19:30:04 2024 CET
gpg:                using RSA key A505CECC78EC9A688A4811505D55DCA8B92B7040
gpg: Good signature from "MongoDB VS Code Signing Key <vscode@mongodb.com>" [unknown]

If the package is signed but the signing key is not added to your local trustdb, the command returns:如果包已签名，但签名键未添加到本地trustdb中，则命令返回：

gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.

If the package is not signed properly, the command returns an error message:如果包没有正确签名，该命令将返回错误消息：

gpg: Signature made Mon Jan 22 10:22:53 2024 CET
gpg:                using RSA key AB1B92FFBE0D3740425DAD16A8130EC3F9F5F923
gpg: BAD signature from "MongoDB VS Code Signing Key <vscode@mongodb.com>" [unknown]