Unable to verify PGP Signature

  • CJT

    CJT - 2014-04-25

    Currently using GNU Privacy Assistant to verify keys, and verification of all the keys for v2.26 of KeePass (have tried a few previous ones too) give a Bad status. I just wanted to check that if I'm the only one this is happening to, and see if I can work out what's going on.

  • Rich

    Rich - 2014-05-01

    Same issues here but using PGP 6.5.8:

    pgp keepass-2.26.zip.asc
    Pretty Good Privacy(tm) Version 6.5.8
    (c) 1999 Network Associates Inc.
    Uses the RSAREF(tm) Toolkit, which is copyright RSA Data Security, Inc.
    Export of this software may be restricted by the U.S. government.

    File 'keepass-2.26.zip.asc' has signature, but with no text.
    Text is assumed to be in file 'keepass-2.26.zip'.
    WARNING: Bad signature, doesn't match file contents!

    Bad signature from user "Dominik Reichl dominik.reichl@gmx.de".

  • Anonymous - 2014-05-02

    GnuPA (unlike Kleopatra and GPG) doesn't like .asc extensions for detached armor signatures.

    Rename the signature as .zip.sig.


    R:>gpg --verify KeePass-2.26.zip.asc
    gpg: Signature made 04/13/14 10:30:28 Romance Daylight Time using DSA key IDFEB7C7BC
    gpg: Good signature from "Dominik Reichl dominik.reichl@gmx.de"

    Last edit: Anonymous 2014-05-02
    • CJT

      CJT - 2014-05-02

      Thank you Etienne, this worked. GnuPA now showing the signature status as valid.

  • Rich

    Rich - 2014-05-02

    Well, I had hopes that the GnuPA 'fix' above from Etienne would work for me with PGP, but, alas, no. To cross-check I installed GPG and it seems happy with the published KeePass file so I guess PGP 6.5.8 just can't cut it.


Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

No, thanks