gpg: BAD signature from

Pete Stephenson pete at heypete.com
Wed Dec 23 21:34:51 CET 2015


On Wed, Dec 23, 2015 at 1:14 PM, stevehendo34 <stevehendo34 at gmail.com> wrote:
> Downloaded armory-bin.tar.gz from arch AUR
>
> On Armory site they gave public key text in ASCII format.
> I saved it to armory_key.txt
> I imported this public key from armory_key.txt file to my key ring.
> gpg --list-keys
> pub   rsa4096/98832223 2012-02-28
> uid         [ unknown] Alan C. Reiner (Offline Signing Key)
> <alan at bitcoinarmory.com>
> uid         [ unknown] Alan C. Reiner (Armory Signing Key)
> <etotheipi at gmail.com>
> uid         [ unknown] Alan C. Reiner (Armory Signing Key)
> <alan.reiner at gmail.com>
> sub   rsa4096/DE6B2D74 2012-02-28
> t
>
> The also gave signature in ascii and I saved that to armory_sig.txt
> gpg --verify armory_sig.txt  armory-bin.tar.gz
> gpg: Signature made Sun Jun  7 20:46:36 2015 CDT using RSA key ID 98832223
> gpg: BAD signature from "Alan C. Reiner (Offline Signing Key)
> <alan at bitcoinarmory.com>" [unknown]
>
> The key ID 98832223 match whats on their site 0x98832223, and whats on my
> keyring, but
> Can you explain what the third line means why (BAD signature)?
>
> I am pretty much new to all this stuff!

Hi Steve,

Welcome!

The error means that the data you downloaded doesn't match the data
that was originally signed by the author. It's possible this could be
due to an error by the signer, a transmission error over the internet,
or intentional tampering.

Cheers!
-Pete

-- 
Pete Stephenson



More information about the Gnupg-users mailing list