Integrity Check

In order to check that the version of GnuPG which you are going to install is an original and unmodified one, you can do it in one of the following ways.

Using gpg

If you already have a trusted version of GnuPG installed, you can simply check the supplied signature. For example to check the signature of the file gnupg-2.0.28.tar.bz2 you would use this command:

gpg --verify gnupg-2.0.28.tar.bz2.sig gnupg-2.0.28.tar.bz2

This checks whether the signature file matches the source file. You should see a message indicating that the signature is good and made by of the signing keys. Make sure that you have the right key, either by checking the fingerprint of that key with other sources or by checking that the key has been signed by a trustworthy other key.

Never use a GnuPG version you just downloaded to check the integrity of the source — use an existing GnuPG installation.

Using sha1sum

If you are not able to use an old version of GnuPG, you have to verify the SHA1 checksum. Assuming you downloaded the file gnupg-2.0.28.tar.bz2, you would run the sha1sum command like this:

sha1sum gnupg-2.0.28.tar.bz2

and check that the output matches the SHA-1 checksum reported on this site. An example of a sha1sum output is:

9a1050f72b6c9afe2b4a0a3f2e9dca2abba8e4ef  gnupg-2.0.28.tar.bz2

To be sure that this page has not been tampered, you may want to compare the list below with the one included in the announcement mail posted to several mailing list.

List of SHA-1 check-sums

For your convenience, all SHA-1 check-sums available for software that can be downloaded from our site, have been gathered below.

9a1050f72b6c9afe2b4a0a3f2e9dca2abba8e4ef  gnupg-2.0.28.tar.bz2
02bbe32e1ef3b06b3ae3c60c955fb767a1aa0f2f  gnupg-2.1.5.tar.bz2
f705fb6ae7612428b33cc51e23e006cdbf958e5d  gnupg-w32-2.1.5_20150611.exe
5503f7faa0a0e84450838706a67621546241ca50  gnupg-1.4.19.tar.bz2
d0cf40cc42ce057d7d747908ec21a973a423a508  gnupg-1.4.19.tar.gz
dc03ae4e4c3e8fe0583b37dd6c3124f94246d2f8  gnupg-w32cli-1.4.19.exe
4997951ab058788de48b989013668eb3df1e6939  libgpg-error-1.19.tar.bz2
9456e7b64db9df8360a1407a38c8c958da80bbf1  libgcrypt-1.6.3.tar.bz2
86fe0436f3c8c394d32e142ee410a9f9560173fb  libksba-1.3.3.tar.bz2
c21b86482f6a3624c2b46b91e20f8415f244233a  libassuan-2.2.1.tar.bz2
0c47f0ddea4631bcba01ebbeca8bffe0bf43e440  pinentry-0.9.4.tar.bz2
88476d72cb099e179de4040760502886f7a54926  gpgme-1.5.5.tar.bz2
9eb07bcceeb986c7b6dbce8a18b82a2c344b50ce  gpa-0.9.7.tar.bz2
a7a7d1432db9edad2783ea1bce761a8106464165  dirmngr-1.1.0.tar.bz2