Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 30 Jul 2018 22:37:10 +0200
From: Solar Designer <solar@...nwall.com>
To: lkrg-users@...ts.openwall.com
Subject: Re: Unable to verify signature

Hi,

On Mon, Jul 30, 2018 at 08:25:45PM +0000, vapnik spaknik wrote:
> $ gpg --verify lkrg-0.3.tar.gz.sign lkrg-0.3.tar.gzgpg: Signature made Wed 04 Jul 2018 17:47:13 BSTgpg:                using RSA key 0x05C027FD4BDC136Egpg: BAD signature from "Openwall offline signing key" [unknown]
> I have tried downloading through different proxies, but its the same each time.

I've just confirmed that I'm able to verify the signature on this file
as freshly downloaded from the website using wget.

To troubleshoot this further, please let us know what file sizes you
see.  One guess is that maybe the gzip compression on the tarball is
getting undone on the way or by your browser.

The correct file sizes are:

-rw-------. 1 solar solar 62616 Jul  4 18:47 lkrg-0.3.tar.gz
-rw-------. 1 solar solar   801 Jul  4 18:47 lkrg-0.3.tar.gz.sign

Also try:

$ file lkrg-0.3.tar.gz
lkrg-0.3.tar.gz: gzip compressed data, from Unix, last modified: Wed Jul 4 18:47:00 2018, max compression

Also let us know what version of GnuPG you're using.

Thanks,

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ