-   Slackware (
-   -   PGP reads bad signature from (

cfdisk 03-14-2013 11:41 AM

PGP reads bad signature from

I can't verify pwgen signature from SlackBuilds


[mike:~/build]$ gpg pwgen.tar.gz.asc
Detached signature.
Please enter name of data file: pwgen-2.06.tar.gz
gpg: Signature made Wed 27 Apr 2011 07:05:54 PM EDT using DSA key ID 9C7BA3B6
gpg: BAD signature from " Development Team <>"

I checked it twice and I guess there was no mistakes on my side because another script, fakeroot, verifies:

[mike:~/build]$ gpg fakeroot.tar.gz.asc
gpg: Signature made Wed 27 Apr 2011 07:15:45 PM EDT using DSA key ID 9C7BA3B6
gpg: Good signature from " Development Team <>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: D307 6BC3 E783 EE74 7F09  B8B7 0368 EF57 9C7B A3B6

Just in case, this is my folder:

[mike:~/build]$ ls -l                       
total 48
-rw-r--r-- 1 mike users  2370 Feb  6  2007 GPG-KEY
-rw-r--r-- 1 mike users  2488 Mar 14 11:22 fakeroot.tar.gz
-rw-r--r-- 1 mike users  198 Apr 27  2011 fakeroot.tar.gz.asc
-rw-r--r-- 1 mike users 30952 Mar 14 11:50 pwgen-2.06.tar.gz
-rw-r--r-- 1 mike users  198 Apr 27  2011 pwgen.tar.gz.asc

Could you please look into the matter?

Thanks in advance.


T3slider 03-14-2013 11:47 AM

I'm no expert, but I believe you are trying to manually use the pwgen.tar.gz.asc file to verify the *source* pwgen-2.06.tar.gz file since the SBo pwgen.tar.gz file is missing. SBo's signatures verify the SlackBuild tarballs, not the source (the source is indirectly verified by the md5sum contained in the verified SlackBuild tarball, in the file). Download the correct file and re-verify and it should all work out.

cfdisk 03-14-2013 11:54 AM

Thanks, T3slider! :o

You are right.

All times are GMT -5. The time now is 09:50 PM.