Deutsch · English · Español · Français · Italiano    Mirrors    
Page Contents  
Related software  

Integrity Check

In order to check that the version of GnuPG which you are going to install is an original and unmodified one, you can do it in one of the following ways.


Using gpg

If you already have a trusted version of GnuPG installed, you can simply check the supplied signature. For example to check the signature of the file gnupg-1.4.8.tar.bz2 you would use this command:

gpg --verify gnupg-1.4.8.tar.bz2.sig

This checks whether the signature file matches the source file. You should see a message indicating that the signature is good and made by that signing key . Make sure that you have the right key, either by checking the fingerprint of that key with other sources or by checking that the key has been signed by a trustworthy other key.

Never use a GnuPG version you just downloaded to check the integrity of the source - use an existing GnuPG installation.


Using sha1sum

If you are not able to use an old version of GnuPG, you have to verify the SHA1 checksum. Assuming you downloaded the file gnupg-1.4.8.tar.bz2, you would run the sha1sum command like this:

sha1sum gnupg-1.4.8.tar.bz2

and check that the output matches the SHA1 checksum reported on this site. An example of sha1sum checksum is:

4b63267358e5c70f05b48e27d6877bad2636cabd gnupg-1.4.8.tar.bz2

To be sure that this page has not been tampered, you may want to compare the list below with the one included in the announcement mail posted to several mailing list.


SHA1 Sum Summary

For your convenience, all SHA1 sums available for software that can be downloaded from our site , have been gathered below.

4b63267358e5c70f05b48e27d6877bad2636cabd  gnupg-1.4.8.tar.bz2
29803a37645493104b239247505418f9c5bedd88  gnupg-1.4.8.tar.gz
e69d50a34c9f8d80aca366494228e2be0e8c641b  gnupg-1.4.7-1.4.8.diff.bz2
6ef3f9ba7a36ad1da53a02a8733bf77bc5305587  gnupg-w32cli-1.4.8.exe
baeb7962f9d3d4628ada78036d1f5d4480aaa2d9  gnupg-2.0.8.tar.bz2
39eb62907e5c4ddc29da00b1291c24e5267f113e  dirmngr-1.0.1.tar.bz2
cd1b52e8ecfa361737c6f130ed2f1d850e312c16  libgcrypt-1.4.0.tar.bz2
d3c71afb8b88b1050067633cd8bcc4ca0bae696d  gpgme-1.1.4.tar.bz2

Copyright (C) 2002-2004 Free Software Foundation, Inc.

Written by Werner Koch (2004-08-26 17:14).
Generated with WML 2.0.8 (30-Oct-2001) on 2007-12-20 12:14:20
from source file integrity_check.wml, $Revision: 1.30 $, $Date: 2007/12/10 09:33:46 $
Site designed by LoLo

For any question, please, follow these directions

  Technical resources for this
project are sponsered by
Site sponsored by  

Valid XHTML 1.0!     Peace!     Valid CSS!