New user problems please help

Werner Koch wk at gnupg.org
Wed Mar 30 17:37:25 CEST 2005


On Tue, 29 Mar 2005 16:29:52 -0600, Steve M Fabac, said:

> gpg --verify gnupg-1.4.1.tar.gz.asc
>  (after renaming gnupg-1.4.1.tar.gz.sig to 
>     gnupg-1.4.1.tar.gz.asc )

Out of curiosity, why did you rename it?  Using .sig works just fine.

> gpg: Signature made Tue Mar 15 10:29:15 2005 CST using DSA key ID 57548DCD
> gpg: BAD signature from "Werner Koch (gnupg sig) <dd9jn at gnu.org>"

Someone modified the tarball!  However, it is more likely that you had
a problem during download (e.g. not using binary mode).

Check the size:

      4059170 Mar 15 17:11 gnupg-1.4.1.tar.gz

as well as the checksum

$ sha1sum gnupg-1.4.1.tar.gz
f8e982d5e811341a854ca9c15feda7d5aba6e09a  gnupg-1.4.1.tar.gz

If the length does not match, you had a download problem: check local
diskspace as well as binary/ascii setting of the FTP client.  If the
checksum matches and the signature does not, then there is a problem
with the .sig file.

> PS, I downloaded gnupg 1.2 pre-compiled and installed it and used it
> to run the gpg commands above. 

And how did you make sure that this version has not been modified?



Salam-Shalom,

   Werner




More information about the Gnupg-users mailing list