Integrity Check

To check that the version of GnuPG you are about to install is original and unmodified, use one of the following methods.

Using gpg

If you already have a trusted version of GnuPG installed, you can simply check the supplied signature. For example, to check the signature of the file gnupg-2.0.27.tar.bz2, you would use this command:

gpg --verify gnupg-2.0.27.tar.bz2.sig gnupg-2.0.27.tar.bz2

This checks whether the signature file matches the source file. You should see a message indicating that the signature is good and made by one of the signing keys. Make sure that you have the right key, either by checking the fingerprint of that key against other sources or by checking that the key has been signed by another trustworthy key.

Never use a GnuPG version you just downloaded to check the integrity of the source — use an existing GnuPG installation.

Using sha1sum

If you are not able to use an old version of GnuPG, you have to verify the SHA-1 checksum. Assuming you downloaded the file gnupg-2.0.27.tar.bz2, you would run the sha1sum command like this:

sha1sum gnupg-2.0.27.tar.bz2

and check that the output matches the SHA-1 checksum reported on this site. An example of a sha1sum output is:

d065be185f5bac8ea07b210ab7756e79b83b63d4  gnupg-2.0.27.tar.bz2

To be sure that this page has not been tampered with, you may want to compare the list below with the one included in the announcement mail posted to several mailing lists.
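The comparison described above can be scripted so that a mismatch, a missing entry or a duplicated entry stops an install instead of relying on reading two hex strings by eye. This is an added example, not part of the original page: verify_sha1, SHA1SUMS and sample.tar.bz2 are hypothetical names, and the sample file and its list entry are constructed.

```shell
#!/bin/sh
# verify_sha1 LIST FILE
# LIST is in sha1sum output format: "<40 hex digits>  <filename>".
# Exit status: 0 match, 1 mismatch, 2 unreadable input,
# 3 no single well-formed entry for FILE (fails closed).
verify_sha1() {
    list=$1
    file=$2
    name=${file##*/}

    [ -r "$list" ] && [ -f "$file" ] || { echo "cannot read input" >&2; return 2; }

    # Exact match on the name field, so "x.tar.bz2" never matches "x.tar.bz2.sig";
    # strip sha1sum's binary-mode "*". Names without spaces are assumed.
    # The hash is printed only if exactly one entry names the file.
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n { h = tolower($1); c++ }
        END { if (c == 1) print h }' "$list")

    case $expected in
        ""|*[!0-9a-f]*) echo "$name: no unique valid entry in list" >&2; return 3 ;;
    esac
    [ "${#expected}" -eq 40 ] || { echo "$name: malformed hash in list" >&2; return 3; }

    # Hash via stdin so the file name never influences sha1sum's output format.
    actual=$(sha1sum < "$file" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "$name: SHA-1 mismatch (expected $expected, got $actual)" >&2
    return 1
}

# Constructed demo input: a file containing the bytes "abc" and a list holding
# its SHA-1 plus the sample line shown on this page.
demo_dir=$(mktemp -d)
printf 'abc' > "$demo_dir/sample.tar.bz2"
cat > "$demo_dir/SHA1SUMS" <<'EOF'
a9993e364706816aba3e25717850c26c9cd0d89d  sample.tar.bz2
d065be185f5bac8ea07b210ab7756e79b83b63d4  gnupg-2.0.27.tar.bz2
EOF
verify_sha1 "$demo_dir/SHA1SUMS" "$demo_dir/sample.tar.bz2" && echo "sample.tar.bz2: OK"
```

The result is only as trustworthy as the list it is given, so the list should be the copy cross-checked against the announcement mail.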

List of SHA-1 check-sums

For your convenience, all SHA-1 check-sums available for software that can be downloaded from our site have been gathered below.
