Integrity Check

In order to check that the version of GnuPG which you are going to install is an original and unmodified one, you can do it in one of the following ways.

Using gpg

If you already have a trusted version of GnuPG installed, you can simply check the supplied signature. For example to check the signature of the file gnupg-{{{gnupg_ver}}}.tar.bz2 you would use this command:

gpg --verify gnupg-2.0.26.tar.bz2.sig

This checks whether the signature file matches the source file. You should see a message indicating that the signature is good and made by that signing key. Make sure that you have the right key, either by checking the fingerprint of that key with other sources or by checking that the key has been signed by a trustworthy other key.

Never use a GnuPG version you just downloaded to check the integrity of the source - use an existing GnuPG installation.

Using sha1sum

If you are not able to use an old version of GnuPG, you have to verify the SHA1 checksum. Assuming you downloaded the file gnupg-2.0.26.tar.bz2, you would run the sha1sum command like this:

sha1sum gnupg-2.0.26.tar.bz2

and check that the output matches the SHA-1 checksum reported on this site. An example of a sha1sum output is:

3ff5b38152c919724fd09cf2f17df704272ba192  gnupg-2.0.26.tar.bz2

To be sure that this page has not been tampered, you may want to compare the list below with the one included in the announcement mail posted to several mailing list.

SHA-1 Sum Summary

For your convenience, all SHA1 sums available for software that can be downloaded from our site, have been gathered below.

a7a7d1432db9edad2783ea1bce761a8106464165  dirmngr-1.1.0.tar.bz2
f30571f855b3ff8becff5378a884638da4c3cc9e  gnupg-1.4.17-1.4.18.diff.bz2
ea7d66c3de7aaf46de9e8678f4fc4a8c329400b2  gnupg-1.4.18.tar.gz
41462d1a97f91abc16a0031b5deadc3095ce88ae  gnupg-1.4.18.tar.bz2
579de2464528b436f39c5835e766867a1efa5fee  gnupg-w32cli-1.4.18.exe
3ff5b38152c919724fd09cf2f17df704272ba192  gnupg-2.0.26.tar.bz2
a91c258e79acf30ec86a667e07f835e5e79342d8  gpgme-1.5.1.tar.bz2
7aed69734ba64b63004107cada671b5861d332a4  libassuan-2.1.2.tar.bz2
cc31aca87e4a3769cb86884a3f5982b2cc8eb7ec  libgcrypt-1.6.2.tar.bz2
ba5858b2947e7272dd197c87bac9f32caf29b256  libgpg-error-1.17.tar.bz2
6bfe285dbc3a7b6e295f9389c20ea1cdf4947ee5  libksba-1.3.1.tar.bz2
36c94980ceab5c15e188de121f7ab4c7ee6b3521  pinentry-0.8.4.tar.bz2