What to do at failed integrity check?

Steve Butler sbutler at fchn.com
Mon Oct 3 22:31:35 CEST 2016

Go to any public key server and get that key ID.

However, before doing that, I'd first verify the checksum without using GnuPG.  That process should also have been described on the download page.

-----Original Message-----
From: Gnupg-users [mailto:gnupg-users-bounces+sbutler=fchn.com at gnupg.org] On Behalf Of Simon Albrecht
Sent: Monday, October 03, 2016 6:36 AM
To: gnupg-users at gnupg.org
Subject: What to do at failed integrity check?

Hello everybody,

I’m having a problem getting GnuPG set up: I downloaded the tarball and signature (for v2.0.30), then did the integrity check as described on <https://www.gnupg.org/download/integrity_check.html> using the packaged version of GnuPG (1.4.something), and it failed with this message:

gpg: Signature made Do 31 Mär 2016 12:56:02 CEST using RSA key ID 4F25E3B6
gpg: Can't check signature: public key not found

I already tried getting the files from a mirror – same thing.

Now, the instructions on the linked webpage only say ‘the file should be treated suspiciously’. But what can I do now? Just use it anyway and hope it’s not a real problem?

Best regards,
Simon Albrecht

Gnupg-users mailing list
Gnupg-users at gnupg.org

CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, 
is for the sole use of the intended recipient(s) and may contain 
and privileged information. Any unauthorized review, use, disclosure or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 

More information about the Gnupg-users mailing list