Trojan detected in Windows 10 Simple Installer for GnuPG Modern
Peter Lebbing
peter at digitalbrains.com
Sat Jan 28 22:37:22 CET 2017
On 27/01/17 21:56, Jacob Lyles wrote:
> GnuPG download: gnupg-w32-2.1.18_20179123.exe
> (sha256 1FD01E24F65465DFD075B8AD55A58EAEE13E79C02C42096C325A7CCF5A1EB283) "Simple
> installer for GnuPG modern"
This is indeed truly the file signed by Werner's dist sig key:
$ gpg2 --verify gnupg-w32-2.1.18_20170123.exe{.sig,}
gpg: Signature made Mon 23 Jan 2017 22:12:23 CET
gpg: using RSA key D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
gpg: Good signature from "Werner Koch (dist sig)" [full]
gpg: werner koch (dist sig): Verified 1 signature in the past 5 minutes, and
encrypted 0 messages.
$ sha256sum gnupg-w32-2.1.18_20170123.exe
1fd01e24f65465dfd075b8ad55a58eaee13e79c02c42096c325a7ccf5a1eb283 gnupg-w32-2.1.18_20170123.exe
(albeit that you accidentally typed a 9 in the date in the filename)
I suspect it's a false positive, but somebody else will need to check.
HTH,
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170128/71b3e23e/attachment.sig>
More information about the Gnupg-users
mailing list