I downloaded gnupg-2.0.29.tar.bz2 and libgpg-error-1.21.tar.bz2 and their corresponding .sig files from www.gnupg.org/download.
I tried to verify them using the gnupg (version 1.4.16) that came with my Ubuntu 14.04 distribution and got bad signature messages for both files:

$ gpg --verify gnupg-2.0.29.tar.bz2.sig gnupg-2.0.29.tar.bz2
gpg: Signature made Tue 08 Sep 2015 09:38:22 AM CDT using RSA key ID 4F25E3B6
gpg: BAD signature from "Werner Koch (dist sig)"
gpg: Signature made Wed 09 Sep 2015 05:30:24 AM CDT using RSA key ID 33BD3F06
gpg: requesting key 33BD3F06 from hkp server keys.gnupg.net
gpg: key 33BD3F06: public key "NIIBE Yutaka (GnuPG Release Key) <gni...@fsij.org>" imported
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 3 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 3u
gpg: next trustdb check due at 2018-08-19
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
gpg: BAD signature from "NIIBE Yutaka (GnuPG Release Key) <gni...@fsij.org>"

$ gpg --verify libgpg-error-1.21.tar.bz2.sig libgpg-error-1.21.tar.bz2
gpg: Signature made Sat 12 Dec 2015 06:03:30 AM CST using RSA key ID 4F25E3B6
gpg: BAD signature from "Werner Koch (dist sig)"

What are some likely causes of this? I also checked the sha1sum and md5sum and they didn't match either. I didn't try the other gnupg packages.

Aaron