Integrity Check

To check that the version of GnuPG you are going to install is original and unmodified, you can use one of the following methods.

Using gpg

If you already have a trusted version of GnuPG installed, you can simply check the supplied signature. For example, to check the signature of the file gnupg-2.0.27.tar.bz2 you would use this command:

gpg --verify gnupg-2.0.27.tar.bz2.sig gnupg-2.0.27.tar.bz2

This checks whether the signature file matches the source file. You should see a message indicating that the signature is good and made by one of the signing keys. Make sure that you have the right key, either by checking the fingerprint of that key with other sources or by checking that the key has been signed by another trustworthy key.

Never use a GnuPG version you just downloaded to check the integrity of the source — use an existing GnuPG installation.
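
The check described above can be scripted by reading gpg's machine-readable status output (--status-fd) instead of the human-readable message, so that a good signature from the wrong key is rejected. This is an added example, not part of the original page or of GnuPG; the fingerprint, the sample status lines and the function names check_status and verify_release are constructed for illustration.

```sh
#!/bin/sh
# Added example: accept a file only when gpg reports a valid signature
# made by a pinned key. All values below are constructed placeholders.

# Replace with the fingerprint you verified through other sources.
PINNED_FPR=0123456789ABCDEF0123456789ABCDEF01234567

# Constructed samples of "gpg --status-fd" output (not real release data).
SAMPLE_GOOD='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Release Key <release@example.org>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2015-02-18 1424217600 0 4 0 1 2 00 0123456789ABCDEF0123456789ABCDEF01234567'
SAMPLE_EXPIRED_KEY='[GNUPG:] NEWSIG
[GNUPG:] EXPKEYSIG 89ABCDEF01234567 Example Release Key <release@example.org>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2015-02-18 1424217600 0 4 0 1 2 00 0123456789ABCDEF0123456789ABCDEF01234567'

# check_status FPR
# Reads gpg status lines on stdin. Succeeds only if a VALIDSIG line names
# the pinned fingerprint (field 3 is the signing key, the last field is the
# primary key) and no bad, expired or revoked signature status is present.
# No VALIDSIG at all (for example a missing public key) also fails.
check_status() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 == "VALIDSIG" && (toupper($3) == toupper(want) || toupper($NF) == toupper(want)) { ok = 1 }
        $2 == "BADSIG" || $2 == "EXPSIG" || $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        END { if (ok && !bad) exit 0; exit 1 }
    '
}

# verify_release FPR SIGFILE DATAFILE
# Runs an already installed, trusted gpg and applies check_status to its
# status output. The pipeline's exit code is that of check_status.
# Usage: verify_release "$PINNED_FPR" gnupg-2.0.27.tar.bz2.sig gnupg-2.0.27.tar.bz2
verify_release() {
    gpg --status-fd 1 --verify "$2" "$3" 2>/dev/null | check_status "$1"
}
```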

Using sha1sum

If you are not able to use an old version of GnuPG, you have to verify the SHA1 checksum. Assuming you downloaded the file gnupg-2.0.27.tar.bz2, you would run the sha1sum command like this:

sha1sum gnupg-2.0.27.tar.bz2

and check that the output matches the SHA-1 checksum reported on this site. An example of a sha1sum output is:

d065be185f5bac8ea07b210ab7756e79b83b63d4  gnupg-2.0.27.tar.bz2

To be sure that this page has not been tampered with, you may want to compare the list below with the one included in the announcement mail posted to several mailing lists.

List of SHA-1 check-sums

For your convenience, all SHA-1 check-sums available for software that can be downloaded from our site have been gathered below.
