Downloaded 3.31 and it doesn't verify. I don't see a new public key for Rony but I'm guessing there is one?
I double checked an older password safe version I have and it works:
I:\archive\gpg\keys>gpg --verify \computer\share\Archive\pwsafe\3.26\pwsafe-3.26.exe.sig
gpg: Signature made 06/30/11 14:18:00 using DSA key ID FA175557
gpg: Good signature from "Rony Shapiro email@example.com"
on 3.31 I get:
I:\archive\gpg\keys>gpg --verify \computer\share\Archive\pwsafe\3.31\pwsafe-3.31.exe.sig
gpg: Signature made 05/11/13 06:49:48 using RSA key ID 5CCF8BB3
gpg: Can't check signature: public key not found
Yes, my old signing key was, well, too old (12 years!). You can download the new one from
Note that the new key's signed with the old one, as well as another key that you can download from pgp.mit.edu as well.
$ curl -LOs http://sourceforge.net/projects/passwordsafe/files/passwordsafe/3.31/pwsafe-3.31.exe
$ curl -LOs http://sourceforge.net/projects/passwordsafe/files/passwordsafe/3.31/pwsafe-3.31.exe.sig
$ gpg pwsafe-3.31.exe.sig
gpg: Signature made 05/11/13 05:49:48
gpg: using RSA key 0x919464515CCF8BB3
gpg: Good signature from "Rony Shapiro (PasswordSafe Signing Key) <firstname.lastname@example.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: A703 C132 8EAB C7B2 0175 3BA3 9194 6451 5CCF 8BB3
$ echo;cbc1bf84ecf668ee6e4fa14b992a4adc53d385a8 *pwsafe-3.31.exe|sha1sum -c