tar file for version 1.4.3--- bad signature?
Alphax
alphasigmax at gmail.com
Sat May 20 05:19:05 CEST 2006
Charles Blair wrote:
> I am unable to verify the gpg 1.4.3 tar file. Can
> somebody tell me what I am doing wrong?
>
> I have downloaded the files:
>
> -rw-r--r-- 4354218 Apr 26 17:54 gnupg-1.4.3.tar.gz
> -rw-r--r-- 158 May 1 19:13 gnupg-1.4.3.tar.gz.sig
>
> When I tried gpg --verify gnupg-1.4.3.tar.gz.sig
> using version 1.4.1, I got:
>
> gpg: Signature made Mon 03 Apr 2006 05:42:26 AM CDT
> using RSA key ID 1CE0C630
> gpg: BAD signature from
> "Werner Koch (dist sig) <dd9jn at gnu.org>"
>
> The key was downloaded from the MIT keyserver:
>
> pub 1024R/1CE0C630 2006-01-01 [expires: 2008-12-31]
> Key fingerprint =
> 7B96 D396 E647 1601 754B E4DB 53B6 20D0 1CE0 C630
> uid Werner Koch (dist sig) <dd9jn at gnu.org>
>
>
Try the .bz2 version - at my end it has checksums of:
MD5 = D2 37 D8 FE 1C 4A FA 37 9F 56 DB DA 0E 0B 40 E4
SHA1 = 9E96 B36E 4F4D 1E8B C502 8C99 FAC6 7448 2CBD B370
RMD160 = F6D3 2878 5F41 B74F 97D2 5305 C6FE 95AD 45BB 70A5
Of course, you should check the detached sig for that one rather than
trust me on it... :)
--
Alphax
Death to all fanatics!
Down with categorical imperative!
OpenPGP key: http://tinyurl.com/lvq4g
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 551 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20060520/8f9f5767/signature.pgp
More information about the Gnupg-users
mailing list