Integrity Check

In order to check that the version of GnuPG which you are going to install is an original and unmodified one, you can do it in one of the following ways.

Using gpg

If you already have a trusted version of GnuPG installed, you can simply check the supplied signature. For example to check the signature of the file gnupg-{{{gnupg_ver}}}.tar.bz2 you would use this command:

gpg --verify gnupg-2.0.26.tar.bz2.sig

This checks whether the signature file matches the source file. You should see a message indicating that the signature is good and made by that signing key. Make sure that you have the right key, either by checking the fingerprint of that key with other sources or by checking that the key has been signed by a trustworthy other key.

Never use a GnuPG version you just downloaded to check the integrity of the source - use an existing GnuPG installation.

Using sha1sum

If you are not able to use an old version of GnuPG, you have to verify the SHA1 checksum. Assuming you downloaded the file gnupg-2.0.26.tar.bz2, you would run the sha1sum command like this:

sha1sum gnupg-2.0.26.tar.bz2

and check that the output matches the SHA-1 checksum reported on this site. An example of a sha1sum output is:

3ff5b38152c919724fd09cf2f17df704272ba192  gnupg-2.0.26.tar.bz2

To be sure that this page has not been tampered, you may want to compare the list below with the one included in the announcement mail posted to several mailing list.

SHA-1 Sum Summary

For your convenience, all SHA1 sums available for software that can be downloaded from our site, have been gathered below.

a7a7d1432db9edad2783ea1bce761a8106464165  dirmngr-1.1.0.tar.bz2
f30571f855b3ff8becff5378a884638da4c3cc9e  gnupg-1.4.17-1.4.18.diff.bz2
ea7d66c3de7aaf46de9e8678f4fc4a8c329400b2  gnupg-1.4.18.tar.gz
41462d1a97f91abc16a0031b5deadc3095ce88ae  gnupg-1.4.18.tar.bz2
579de2464528b436f39c5835e766867a1efa5fee  gnupg-w32cli-1.4.18.exe
3ff5b38152c919724fd09cf2f17df704272ba192  gnupg-2.0.26.tar.bz2
a91c258e79acf30ec86a667e07f835e5e79342d8  gpgme-1.5.1.tar.bz2
7aed69734ba64b63004107cada671b5861d332a4  libassuan-2.1.2.tar.bz2
cc31aca87e4a3769cb86884a3f5982b2cc8eb7ec  libgcrypt-1.6.2.tar.bz2
50fbff11446a7b0decbf65a6e6b0eda17b5139fb  libgpg-error-1.13.tar.bz2
241afcb2dfbf3f3fc27891a53a33f12d9084d772  libksba-1.3.0.tar.bz2
eeee9e80ea02f63bdac1cb03eb1785ab2cd57f90  pinentry-0.8.2.tar.bz2

CC-BY-SA 3.0
These web pages are Copyright 1998--2014 The GnuPG Projectยน and licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License. See copying for details.