BAD signatures for GnuPG Stable
antony at blazrsoft.com
Thu Jan 28 06:45:02 CET 2016
On 1/28/2016 12:12 AM, Aaron Tovo wrote:
> It's definitely not an ascii file (having taken a peek at its content).
> I downloaded libgpg-error-1.21.tar.bz2 again today and it has a the
> correct size (763186)
> -rw-rw-r-- 1 aaron aaron 763186 Jan 27 22:53 libgpg-error-1.21(1).tar.bz2
> I re-downloaded sig file and it still fails the gpg --verify test.
> $ gpg --verify libgpg-error-1.21.tar.bz2.sig gpg: Signature made Sat 12
> Dec 2015 06:03:30 AM CST using RSA key ID 4F25E3B6
> gpg: BAD signature from "Werner Koch (dist sig)"
> Could this be some kind of man-in-the-middle attack? I don't recall
> having seen a signature fail like this before.
I just downloaded both from the gnupg download site and the signature
verified just fine. That is odd is about all I can say. Are you
downloading it via FTP, HTTP, etc.? The results I got are pasted below.
Maybe someone else has more insight.
gpg (GnuPG) 2.1.10
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
F:\Downloads>gpg --verify libgpg-error-1.21.tar.bz2.sig
gpg: assuming signed data in 'libgpg-error-1.21.tar.bz2'
gpg: Signature made 12/12/15 07:03:30 Eastern Standard Time
gpg: using RSA key 0x249B39D24F25E3B6
gpg: Good signature from "Werner Koch (dist sig)" [full]
Primary key fingerprint: D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6
Key ID: 0xAF3D4087301B1B19
Fingerprint: 591F F17F 7A4A A8D0 F659 C482 AF3D 4087 301B 1B19
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 884 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-users