Integrity Check

In order to check that the version of GnuPG which you are going to install is an original and unmodified one, you can do it in one of the following ways.

Using gpg

If you already have a trusted version of GnuPG installed, you can simply check the supplied signature. For example to check the signature of the file gnupg-2.0.26.tar.bz2 you would use this command:

gpg --verify gnupg-2.0.26.tar.bz2.sig gnupg-2.0.26.tar.bz2

This checks whether the signature file matches the source file. You should see a message indicating that the signature is good and made by of the signing keys. Make sure that you have the right key, either by checking the fingerprint of that key with other sources or by checking that the key has been signed by a trustworthy other key.

Never use a GnuPG version you just downloaded to check the integrity of the source — use an existing GnuPG installation.

Using sha1sum

If you are not able to use an old version of GnuPG, you have to verify the SHA1 checksum. Assuming you downloaded the file gnupg-2.0.26.tar.bz2, you would run the sha1sum command like this:

sha1sum gnupg-2.0.26.tar.bz2

and check that the output matches the SHA-1 checksum reported on this site. An example of a sha1sum output is:

3ff5b38152c919724fd09cf2f17df704272ba192  gnupg-2.0.26.tar.bz2

To be sure that this page has not been tampered, you may want to compare the list below with the one included in the announcement mail posted to several mailing list.

List of SHA-1 check-sums

For your convenience, all SHA-1 check-sums available for software that can be downloaded from our site, have been gathered below.

3ff5b38152c919724fd09cf2f17df704272ba192  gnupg-2.0.26.tar.bz2
3d11fd150cf86f842d077437edb119a775c7325d  gnupg-2.1.1.tar.bz2
fb541b8685b78541c9b2fadb026787f535863b4a  gnupg-w32-2.1.1_20141216.exe
41462d1a97f91abc16a0031b5deadc3095ce88ae  gnupg-1.4.18.tar.bz2
ea7d66c3de7aaf46de9e8678f4fc4a8c329400b2  gnupg-1.4.18.tar.gz
f30571f855b3ff8becff5378a884638da4c3cc9e  gnupg-1.4.17-1.4.18.diff.bz2
579de2464528b436f39c5835e766867a1efa5fee  gnupg-w32cli-1.4.18.exe
ba5858b2947e7272dd197c87bac9f32caf29b256  libgpg-error-1.17.tar.bz2
cc31aca87e4a3769cb86884a3f5982b2cc8eb7ec  libgcrypt-1.6.2.tar.bz2
37d0893a587354af2b6e49f6ae701ca84f52da67  libksba-1.3.2.tar.bz2
7cf0545955ce414044bb99b871d324753dd7b2e5  libassuan-2.2.0.tar.bz2
f8e5c774c35fbb91d84e82559baf76f6b4513236  pinentry-0.9.0.tar.bz2
8dd7711a4de117994fe2d45879ef8a9900d50f6a  gpgme-1.5.3.tar.bz2
9eb07bcceeb986c7b6dbce8a18b82a2c344b50ce  gpa-0.9.7.tar.bz2
a7a7d1432db9edad2783ea1bce761a8106464165  dirmngr-1.1.0.tar.bz2