Deutsch · English · Español · Français · Italiano    Mirrors    
Page Contents 
Related software 

Integrity Check

In order to check that the version of GnuPG which you are going to install is an original and unmodified one, you can do it in one of the following ways.


Using gpg

If you already have a trusted version of GnuPG installed, you can simply check the supplied signature. For example to check the signature of the file gnupg-1.4.10.tar.bz2 you would use this command:

gpg --verify gnupg-1.4.10.tar.bz2.sig

This checks whether the signature file matches the source file. You should see a message indicating that the signature is good and made by that signing key . Make sure that you have the right key, either by checking the fingerprint of that key with other sources or by checking that the key has been signed by a trustworthy other key.

Never use a GnuPG version you just downloaded to check the integrity of the source - use an existing GnuPG installation.


Using sha1sum

If you are not able to use an old version of GnuPG, you have to verify the SHA1 checksum. Assuming you downloaded the file gnupg-1.4.10.tar.bz2, you would run the sha1sum command like this:

sha1sum gnupg-1.4.10.tar.bz2

and check that the output matches the SHA1 checksum reported on this site. An example of sha1sum checksum is:

fd1b6a5f3b2dd836b598a1123ac257b8f105615d gnupg-1.4.10.tar.bz2

To be sure that this page has not been tampered, you may want to compare the list below with the one included in the announcement mail posted to several mailing list.


SHA1 Sum Summary

For your convenience, all SHA1 sums available for software that can be downloaded from our site , have been gathered below.

fd1b6a5f3b2dd836b598a1123ac257b8f105615d  gnupg-1.4.10.tar.bz2
0db579b2dc202213424f55243906b71228dd18d1  gnupg-1.4.10.tar.gz
4a6b9f8b15d9849307a90f2b35bde8fd2d111331  gnupg-1.4.9-1.4.10.diff.bz2
b86624303f2e29ade92dcfae672fe75ba9df3931  gnupg-w32cli-1.4.10b.exe
2ff42aff14cdddafc291d44ac1968af5f09a9d4d  gnupg-2.0.13.tar.bz2
6699a1ff94c649e8905199d480c6412cc43bad3d  pinentry-0.7.5.tar.gz
437d381c937b1f1d0699d1ed37cf50f14bfbcd32  dirmngr-1.0.3.tar.bz2
e56da614f3e6acc1cb51af767c77f4a95b05b1e8  gpgme-1.1.8.tar.bz2
f6c36e9d99736883a8ce5b80b0a51d854cbbbc70  libassuan-1.0.5.tar.bz2
3987f0efcbb7048c136d5c859e88eee1763a14f6  libgcrypt-1.4.4.tar.bz2
bf8c6babe1e28cae7dd6374ca24ddcc42d57e902  libgpg-error-1.7.tar.bz2
c8d269fb15869b59204ef3f5d46ceb2c44dbeab3  libksba-1.0.7.tar.bz2

Copyright (C) 2002-2004 Free Software Foundation, Inc.

Written by Werner Koch (2004-08-26 17:14).
Generated with WML 2.0.8 (30-Oct-2001) on 2009-09-27 10:46:47
from source file integrity_check.wml, $Revision: 1.32 $, $Date: 2008-07-02 08:05:11 $
Site designed by LoLo

For any question, please, follow these directions

 Site sponsored by 

Valid XHTML 1.0!     Peace!     Valid CSS!