GPG verify wireshark, BAD signature from "Gerald Combs"

asked 2019-09-06 12:17:16 +0000

t_w_d gravatar image

Hello, Today I downloaded the latest Wireshark dmg file, when I use gpg --verify to check the signature, the result is:

$gpg --verify SIGNATURES-3.0.3.txt Wireshark\ 3.0.3\ Intel\ 64.dmg 
gpg --verify SIGNATURES-3.0.3.txt Wireshark\ 3.0.3\ Intel\ 64.dmg 
gpg: Signature made Thu Jul 18 02:30:44 2019 CST
gpg:                using RSA key 5A5ADBA7DBEA6C3F87224F1982244A78E6FEAEEA
gpg: BAD signature from "Gerald Combs <[email protected]>" [unknown]

The sha256sum result is correct.

Download URL is:

Can anyone tell me why the result shows BAD signature? Should I use the file anyway? Normally, it will show "Good Signature from...WARNING: This key is not certified with a trusted signature!"

edit retag flag offensive close merge delete


Does anyone know the reason or have a clue about this?

t_w_d gravatar imaget_w_d ( 2019-09-15 14:41:16 +0000 )edit