It's definitely not an ascii file (having taken a peek at its content). I downloaded libgpg-error-1.21.tar.bz2 again today and it has a the correct size (763186)
-rw-rw-r-- 1 aaron aaron 763186 Jan 27 22:53 libgpg-error-1.21(1).tar.bz2 I re-downloaded sig file and it still fails the gpg --verify test. $ gpg --verify libgpg-error-1.21.tar.bz2.sig gpg: Signature made Sat 12 Dec 2015 06:03:30 AM CST using RSA key ID 4F25E3B6 gpg: BAD signature from "Werner Koch (dist sig)" Could this be some kind of man-in-the-middle attack? I don't recall having seen a signature fail like this before. Aaron On 01/27/2016 08:53 AM, Steve Butler wrote: > Perhaps an ASCII download instead of binary? That would make the download > file larger! > > > -----Original Message----- > From: Gnupg-users [mailto:gnupg-users-bounces+sbutler=fchn....@gnupg.org] On > Behalf Of Aaron Tovo > Sent: Tuesday, January 26, 2016 8:45 PM > To: gnupg-users@gnupg.org > Subject: Re: BAD signatures for GnuPG Stable > > Interesting. The file I downloaded is actually larger than what it should be! > > -rw-rw-r-- 1 aaron aaron 855815 Jan 25 21:44 libgpg-error-1.21.tar.bz2 > > > On 01/26/2016 03:26 AM, Werner Koch wrote: >> On Tue, 26 Jan 2016 05:41, aaront...@gmail.com said: >> >>> $ gpg --verify libgpg-error-1.21.tar.bz2.sig >>> libgpg-error-1.21.tar.bz2 >>> gpg: Signature made Sat 12 Dec 2015 06:03:30 AM CST using RSA key ID >>> 4F25E3B6 >>> gpg: BAD signature from "Werner Koch (dist sig)" >> Please check the length of the file to make sure you downloaded it >> complelety. >> >> The size of libgpg-error-1.21.tar.bz2 is 763186 bytes. >> >> >> Shalom-Salam, >> >> Werner >> > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
