On Wed, Dec 23, 2015 at 1:14 PM, stevehendo34 <[email protected]> wrote: > Downloaded armory-bin.tar.gz from arch AUR > > On Armory site they gave public key text in ASCII format. > I saved it to armory_key.txt > I imported this public key from armory_key.txt file to my key ring. > gpg --list-keys > pub rsa4096/98832223 2012-02-28 > uid [ unknown] Alan C. Reiner (Offline Signing Key) > <[email protected]> > uid [ unknown] Alan C. Reiner (Armory Signing Key) > <[email protected]> > uid [ unknown] Alan C. Reiner (Armory Signing Key) > <[email protected]> > sub rsa4096/DE6B2D74 2012-02-28 > t > > The also gave signature in ascii and I saved that to armory_sig.txt > gpg --verify armory_sig.txt armory-bin.tar.gz > gpg: Signature made Sun Jun 7 20:46:36 2015 CDT using RSA key ID 98832223 > gpg: BAD signature from "Alan C. Reiner (Offline Signing Key) > <[email protected]>" [unknown] > > The key ID 98832223 match whats on their site 0x98832223, and whats on my > keyring, but > Can you explain what the third line means why (BAD signature)? > > I am pretty much new to all this stuff!
Hi Steve, Welcome! The error means that the data you downloaded doesn't match the data that was originally signed by the author. It's possible this could be due to an error by the signer, a transmission error over the internet, or intentional tampering. Cheers! -Pete -- Pete Stephenson _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
