Integrity Check

In order to check that the version of GnuPG which you are going to install is an original and unmodified one, you can do it in one of the following ways.

Using gpg

If you already have a trusted version of GnuPG installed, you can simply check the supplied signature. For example to check the signature of the file gnupg-2.0.29.tar.bz2 you would use this command:

gpg --verify gnupg-2.0.29.tar.bz2.sig gnupg-2.0.29.tar.bz2

This checks whether the signature file matches the source file. You should see a message indicating that the signature is good and made by of the signing keys. Make sure that you have the right key, either by checking the fingerprint of that key with other sources or by checking that the key has been signed by a trustworthy other key.

Never use a GnuPG version you just downloaded to check the integrity of the source — use an existing GnuPG installation.

Using sha1sum

If you are not able to use an old version of GnuPG, you have to verify the SHA1 checksum. Assuming you downloaded the file gnupg-2.0.29.tar.bz2, you would run the sha1sum command like this:

sha1sum gnupg-2.0.29.tar.bz2

and check that the output matches the SHA-1 checksum reported on this site. An example of a sha1sum output is:

87eb0df18f9953675f979405a1af10ab6c5322b3  gnupg-2.0.29.tar.bz2

To be sure that this page has not been tampered, you may want to compare the list below with the one included in the announcement mail posted to several mailing list.

List of SHA-1 check-sums

For your convenience, all SHA-1 check-sums available for software that can be downloaded from our site, have been gathered below.

87eb0df18f9953675f979405a1af10ab6c5322b3  gnupg-2.0.29.tar.bz2
119bab38d2ff3a849be62914be9bf7333da68883  gnupg-2.1.9.tar.bz2
f6568d0c407090d1528cda87ca0af85eec2b7b22  gnupg-w32-2.1.9_20151009.exe
5503f7faa0a0e84450838706a67621546241ca50  gnupg-1.4.19.tar.bz2
d0cf40cc42ce057d7d747908ec21a973a423a508  gnupg-1.4.19.tar.gz
dc03ae4e4c3e8fe0583b37dd6c3124f94246d2f8  gnupg-w32cli-1.4.19.exe
89c961f63469739fe816a56dcdd86c2e1897cace  libgpg-error-1.20.tar.bz2
ed52add1ce635deeb2f5c6650e52667debd4ec70  libgcrypt-1.6.4.tar.bz2
86fe0436f3c8c394d32e142ee410a9f9560173fb  libksba-1.3.3.tar.bz2
54982bf7ecf42c0c4d4251d49614ba18edb18264  libassuan-2.4.1.tar.bz2
296992d7b26ba2a517b093ccae26bc00b88b3bb5  pinentry-0.9.6.tar.bz2
21510323495f6220f8f67610c3c27a23d761d43d  gpgme-1.6.0.tar.bz2
1cf86c9e38aa553fdb880c55cbc6755901ad21a4  gpa-0.9.9.tar.bz2
a7a7d1432db9edad2783ea1bce761a8106464165  dirmngr-1.1.0.tar.bz2