Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bad GPG signature on Linux release binaries #8643

Open
warelock2 opened this issue Mar 23, 2025 · 0 comments
Open

Bad GPG signature on Linux release binaries #8643

warelock2 opened this issue Mar 23, 2025 · 0 comments

Comments

@warelock2
Copy link

warelock2 commented Mar 23, 2025
edited
Loading

Wire version: 3.39.3653

Files involved:

  • Wire-3.39.3653_x86_64_b6fcbacaf153678b1d30698d5d34d034.AppImage
  • sha256sum.txt.asc
  • 3.39.3653.tar.gz.sig
  • wire-sig.txt: I extracted the GPG signature block from sha256sum.txt.asc here
  • releases.key: Dowloaded from here

Expected behavior:

Run "gpg --verify" and get "Good signature" message

Actual behavior:

Run "gpg --verify" and get "Bad signature" message

Details:

$ gpg --verify wire-sig.txt ../Applications/Wire-3.39.3653_x86_64_b6fcbacaf153678b1d30698d5d34d034.AppImage 
gpg: Signature made Mon 20 Jan 2025 01:28:46 AM PST
gpg:                using RSA key ABBA007D6E14E2DB5B283C45D599C1AA126762B1
gpg: BAD signature from "Wire Releases Signing Key <[email protected]>" [unknown]

$ gpg --verify 3.39.3653.tar.gz.sig ../Applications/Wire-3.39.3653_x86_64_b6fcbacaf153678b1d30698d5d34d034.AppImage 
gpg: Signature made Mon 20 Jan 2025 02:52:15 AM PST
gpg:                using RSA key ABBA007D6E14E2DB5B283C45D599C1AA126762B1
gpg: BAD signature from "Wire Releases Signing Key <[email protected]>" [unknown]

NOTE: The sha256 checksums do match.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@warelock2