How can I check if there is a signature associated with a deb package? In rpm-based systems, we can easily see if there is a signature associated with an rpm file: rpm -qpi <rpm-file.rpm>

How can I check if there is a signature associated with a deb package? In rpm-based systems, we can easily see if there is a signature associated with an rpm file: rpm -qpi <rpm-file.rpm> | grep -i signature For .deb files, we can see the package information but it doesn't include the information of whether a signature is associated or not: dpkg-deb -I uma-18feb-latest.deb Is there a way in Ubuntu to see the signature without using the following command which actually verifies the signature? dpkg-sig --verify <deb-file.deb>

dpkg-sig --list

will list any items in the file which look like a signature, without verifying the file. This will list the role of any signature in the file; _e.g._

$ dpkg-sig -l vuescan_9.7.50-1_amd64.deb
Processing vuescan_9.7.50-1_amd64.deb...
builder
$ dpkg-sig -l zstd_1.4.8+dfsg-2.1_i386.deb
Processing zstd_1.4.8+dfsg-2.1_i386.deb...
$

The first file has a signature with the “builder” role; the second file isn’t signed.

Note that it’s unusual for individual `.deb` files to be signed (unlike RPMs). Debian packages’ authenticity relies on the repository’s authenticity; see How is the authenticity of Debian packages guaranteed?