On Tue, 29 Mar 2005 16:29:52 -0600, Steve M Fabac, said:
> gpg --verify gnupg-1.4.1.tar.gz.asc
> (after renaming gnupg-1.4.1.tar.gz.sig to
> gnupg-1.4.1.tar.gz.asc )
Out of curiosity, why did you rename it? Using .sig works just fine.
> gpg: Signature made Tue Mar 15 10:29:15 2005 CST using DSA key ID 57548DCD
> gpg: BAD signature from "Werner Koch (gnupg sig) <[EMAIL PROTECTED]>"
Someone modified the tarball! However, it is more likely that you had
a problem during download (e.g. not using binary mode).
Check the size:
4059170 Mar 15 17:11 gnupg-1.4.1.tar.gz
as well as the checksum
$ sha1sum gnupg-1.4.1.tar.gz
f8e982d5e811341a854ca9c15feda7d5aba6e09a gnupg-1.4.1.tar.gz
If the length does not match, you had a download problem: check local
diskspace as well as binary/ascii setting of the FTP client. If the
checksum matches and the signature does not, then there is a problem
with the .sig file.
> PS, I downloaded gnupg 1.2 pre-compiled and installed it and used it
> to run the gpg commands above.
And how did you make sure that this version has not been modified?
Salam-Shalom,
Werner
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
