tar file for version 1.4.3--- bad signature?

Charles Blair c-blair at uiuc.edu
Sat May 20 04:05:51 CEST 2006

  I am unable to verify the gpg 1.4.3 tar file.  Can
somebody tell me what I am doing wrong?

   I have downloaded the files:

-rw-r--r--   4354218 Apr 26 17:54 gnupg-1.4.3.tar.gz
-rw-r--r--       158 May  1 19:13 gnupg-1.4.3.tar.gz.sig

   When I tried gpg --verify gnupg-1.4.3.tar.gz.sig
using version 1.4.1, I got:

gpg: Signature made Mon 03 Apr 2006 05:42:26 AM CDT
using RSA key ID 1CE0C630
gpg: BAD signature from
"Werner Koch (dist sig) <dd9jn at gnu.org>"

  The key was downloaded from the MIT keyserver:

pub   1024R/1CE0C630 2006-01-01 [expires: 2008-12-31]
      Key fingerprint =
 7B96 D396 E647 1601 754B  E4DB 53B6 20D0 1CE0 C630
uid        Werner Koch (dist sig) <dd9jn at gnu.org>

More information about the Gnupg-users mailing list