BAD signatures for GnuPG Stable
Aaron Tovo
aarontovo at gmail.com
Tue Jan 26 05:41:41 CET 2016
I downloaded gnupg-2.0.29.tar.bz2 and libgpg-error-1.21.tar.bz2 and
their corresponding .sig files from www.gnupg.org/download.
I tried to verify them using the gnupg (version 1.4.16) that came with
my Ubuntu 14.04 distribution and got bad signature messages for both files:
$ gpg --verify gnupg-2.0.29.tar.bz2.sig gnupg-2.0.29.tar.bz2
gpg: Signature made Tue 08 Sep 2015 09:38:22 AM CDT using RSA key ID
4F25E3B6
gpg: BAD signature from "Werner Koch (dist sig)"
gpg: Signature made Wed 09 Sep 2015 05:30:24 AM CDT using RSA key ID
33BD3F06
gpg: requesting key 33BD3F06 from hkp server keys.gnupg.net
gpg: key 33BD3F06: public key "NIIBE Yutaka (GnuPG Release Key)
<gniibe at fsij.org>" imported
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 3 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 3u
gpg: next trustdb check due at 2018-08-19
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
gpg: BAD signature from "NIIBE Yutaka (GnuPG Release Key) <gniibe at fsij.org>"
$ gpg --verify libgpg-error-1.21.tar.bz2.sig libgpg-error-1.21.tar.bz2
gpg: Signature made Sat 12 Dec 2015 06:03:30 AM CST using RSA key ID
4F25E3B6
gpg: BAD signature from "Werner Koch (dist sig)"
What are some likely causes of this?
I also checked the sha1sum and md5sum and they didn't match either.
I didn't try the other gnupg packages.
Aaron
More information about the Gnupg-users
mailing list