Hi all, I tried to verify the detached signature for a file using GPG 1.4.0 (on SuSE 9.3). GPG told me that it was a bad signature:
> gpg --verify libprelude-0.9.0-rc11.tar.gz.sig Output: gpg: Signature made Mon 01 Aug 2005 11:29:02 PM CEST using RSA key ID 23D2FAC3 gpg: BAD signature from "Prelude Hybrid IDS Archives Verification Key <[EMAIL PROTECTED]>" Well, right now I installed GPG 1.4.2 and the signature is validated successfully: > gpg --verify libprelude-0.9.0-rc11.tar.gz.sig gpg: Signature made Mon 01 Aug 2005 11:29:02 PM CEST using RSA key ID 23D2FAC3 gpg: Good signature from "Prelude Hybrid IDS Archives Verification Key <[EMAIL PROTECTED]>" Some bug that was fixed recently? This is a little bit weird... The files were: http://www.prelude-ids.org/download/releases/libprelude-0.9.0-rc11.tar.gz http://www.prelude-ids.org/download/releases/libprelude-0.9.0-rc11.tar.gz.sig and they were transferred correctly (otherwise gpg 1.4.2 should fail to validate the signature, too). Could this be related to the signature being a "textmode" signature (on a binary file)? Cheers, Olaf -- Dipl.Inform. Olaf Gellert PRESECURE (R) Senior Researcher, Consulting GmbH Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED] A daily view on Internet Attacks https://www.ecsirt.net/sensornet _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
