Currently using GNU Privacy Assistant to verify keys, and verification of all the keys for v2.26 of KeePass (have tried a few previous ones too) give a Bad status. I just wanted to check that if I'm the only one this is happening to, and see if I can work out what's going on.
Same issues here but using PGP 6.5.8:
Pretty Good Privacy(tm) Version 6.5.8
(c) 1999 Network Associates Inc.
Uses the RSAREF(tm) Toolkit, which is copyright RSA Data Security, Inc.
Export of this software may be restricted by the U.S. government.
File 'keepass-2.26.zip.asc' has signature, but with no text.
Text is assumed to be in file 'keepass-2.26.zip'.
WARNING: Bad signature, doesn't match file contents!
Bad signature from user "Dominik Reichl email@example.com".
GnuPA (unlike Kleopatra and GPG) doesn't like .asc extensions for detached armor signatures.
Rename the signature as .zip.sig.
R:>gpg --verify KeePass-2.26.zip.asc
gpg: Signature made 04/13/14 10:30:28 Romance Daylight Time using DSA key IDFEB7C7BC
gpg: Good signature from "Dominik Reichl firstname.lastname@example.org"
Thank you Etienne, this worked. GnuPA now showing the signature status as valid.
Well, I had hopes that the GnuPA 'fix' above from Etienne would work for me with PGP, but, alas, no. To cross-check I installed GPG and it seems happy with the published KeePass file so I guess PGP 6.5.8 just can't cut it.
Log in to post a comment.
Sign up for the SourceForge newsletter:
You seem to have CSS turned off.
Please don't fill out this field.