On 1/28/2016 12:12 AM, Aaron Tovo wrote: > It's definitely not an ascii file (having taken a peek at its content). > > I downloaded libgpg-error-1.21.tar.bz2 again today and it has a the > correct size (763186) > > -rw-rw-r-- 1 aaron aaron 763186 Jan 27 22:53 libgpg-error-1.21(1).tar.bz2 > > I re-downloaded sig file and it still fails the gpg --verify test. > > $ gpg --verify libgpg-error-1.21.tar.bz2.sig gpg: Signature made Sat 12 > Dec 2015 06:03:30 AM CST using RSA key ID 4F25E3B6 > gpg: BAD signature from "Werner Koch (dist sig)" > > Could this be some kind of man-in-the-middle attack? I don't recall > having seen a signature fail like this before. >
I just downloaded both from the gnupg download site and the signature verified just fine. That is odd is about all I can say. Are you downloading it via FTP, HTTP, etc.? The results I got are pasted below. Maybe someone else has more insight. F:\Downloads>gpg --version gpg (GnuPG) 2.1.10 libgcrypt 1.6.4 Copyright (C) 2015 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Home: C:/Users/antony/AppData/Roaming/gnupg Supported algorithms: Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256 Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 Compression: Uncompressed, ZIP, ZLIB, BZIP2 F:\Downloads>gpg --verify libgpg-error-1.21.tar.bz2.sig gpg: assuming signed data in 'libgpg-error-1.21.tar.bz2' gpg: Signature made 12/12/15 07:03:30 Eastern Standard Time gpg: using RSA key 0x249B39D24F25E3B6 gpg: Good signature from "Werner Koch (dist sig)" [full] Primary key fingerprint: D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 -- Antony Prince Key ID: 0xAF3D4087301B1B19 Fingerprint: 591F F17F 7A4A A8D0 F659 C482 AF3D 4087 301B 1B19 URL: http://pool.sks-keyservers.net/pks/lookup?op=get&search=0xAF3D4087301B1B19
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
