BAD signatures for GnuPG Stable

Aaron Tovo aarontovo at
Thu Jan 28 16:31:31 CET 2016

Thanks for the info.

Today I re-downloaded the .bz2 and .sig. And the verification worked
(see output below). I did file diffs between the new and the previous
downloads with 'diff' and they are identical. So I tried verify on the
previous download and it worked this time. Very confusing.

I've also downloaded the rest of the packages for building GnuPG 2.0.29
and verification succeeded on all of them.

$ gpg --verify  libgpg-error-1.21.tar.bz2.sig  libgpg-error-1.21.tar.bz2
gpg: Signature made Sat 12 Dec 2015 06:03:30 AM CST using RSA key ID
gpg: Good signature from "Werner Koch (dist sig)"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the
Primary key fingerprint: D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25 E3B6

On 01/28/2016 07:15 AM, stebe at wrote:
> Hi,
>> Aaron Tovo <aarontovo at> hat am 28. Januar 2016 um 06:12
>> geschrieben:
>> I re-downloaded sig file and it still fails the gpg --verify test.
>> $ gpg --verify libgpg-error-1.21.tar.bz2.sig gpg: Signature made Sat 12
>> Dec 2015 06:03:30 AM CST using RSA key ID 4F25E3B6
>> gpg: BAD signature from "Werner Koch (dist sig)"
>> Could this be some kind of man-in-the-middle attack? I don't recall
>> having seen a signature fail like this before.
> If you are really interested in further invesigating it, it seems that
> this might be useful for you. I haven't checked it yet, though.
> (1)
> Quote from (1)
> Why
> Writing bash scripts that do file verification using gpg that really is
> secure and passes a comprehensive threat model, that covers indefinite
> freeze, rollback, endless data attacks, etc. is hard.
> gpg-bash-lib's goal is to provide a bash library that we can
> collaboratively develop, audit and abstract the hard work into reuseable
> functions.
> Checking gpg exit codes only is insufficient. Quote Werner Koch (gnupg
> lead developer):
>     "there is no clear distinction between the codes and for proper error
> reporting you are advised to use the --status-fd messages."
> What does it do
>     Abstracts file verification into common functions.
>     Allows detecting of stale files, i.e. detection downgrade or
> indefinite freeze attacks by implementing a valid-until like mechanism.
>     Internally parses gpg's --status-file output.
>     It is signal friendly.
>     Detects endless data attacks, aborts and reports this.
>     Detects indefinite freeze and rollback (downgrade) attacks and reports
> this.
>     Can help with verification of names of files, that are otherwise not
> covered by default when using gpg.
>     Provide diagnostic output (variables) that contain information if the
> local clock is sane by comparing signature creation date with local clock.
> [...]
> Introduction
> It is assumed, that your script downloaded a data file as well as a
> signature file. A separate folder containing the keys that are supposed to
> be used for gpg verification, such as for example
> /usr/share/program-name/signing-keys.d is required as a prerequisite. You
> can then use this library to do the gpg verification for you. 
> Cheers, 
> Stebe

More information about the Gnupg-users mailing list