Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 30 Jul 2018 22:37:10 +0200
From: Solar Designer <>
Subject: Re: Unable to verify signature


On Mon, Jul 30, 2018 at 08:25:45PM +0000, vapnik spaknik wrote:
> $ gpg --verify lkrg-0.3.tar.gz.sign lkrg-0.3.tar.gzgpg: Signature made Wed 04 Jul 2018 17:47:13 BSTgpg:                using RSA key 0x05C027FD4BDC136Egpg: BAD signature from "Openwall offline signing key" [unknown]
> I have tried downloading through different proxies, but its the same each time.

I've just confirmed that I'm able to verify the signature on this file
as freshly downloaded from the website using wget.

To troubleshoot this further, please let us know what file sizes you
see.  One guess is that maybe the gzip compression on the tarball is
getting undone on the way or by your browser.

The correct file sizes are:

-rw-------. 1 solar solar 62616 Jul  4 18:47 lkrg-0.3.tar.gz
-rw-------. 1 solar solar   801 Jul  4 18:47 lkrg-0.3.tar.gz.sign

Also try:

$ file lkrg-0.3.tar.gz
lkrg-0.3.tar.gz: gzip compressed data, from Unix, last modified: Wed Jul 4 18:47:00 2018, max compression

Also let us know what version of GnuPG you're using.



Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.