Backup Central Forums :: View topic - winbacula 2.0.3 signature alert

Search • FAQ • Memberlist • Log in

The time now is Fri May 25, 2012 2:12 am

View previous topic | View next topic

Page 1 of 1

winbacula 2.0.3 signature alert

Author

Message

Guest

winbacula 2.0.3 signature alert

Hello,

the signature file don't corrospond to the file:

$ /cygdrive/c/Programme/Internet/GnuPT/GPG/gpg.exe -d winbacula-2.0.3.exe.sig
gpg: Signature made 03/01/07 10:03:11 using DSA key ID 10A792AD
gpg: BAD signature from "Bacula Distribution Verification Key (www.bacula.org)"

$ /cygdrive/c/Programme/Internet/GnuPT/GPG/gpg.exe --print-md md5 winbacula-2.0
.3.exe winbacula-2.0.3.exe.sig
winbacula-2.0.3.exe: 0E D2 E6 6F 15 F5 9E 60 DC FB 0A 88 31 E2 71 7F
winbacula-2.0.3.exe.sig: 57 71 4F 53 AE 02 6E BC 5F 5A 14 B8 42 29 6B 90

Check for modification please.

What's wrong?

Pierre Bernhardt

Sun Mar 11, 2007 1:09 pm

Guest

winbacula 2.0.3 signature alert

On Sunday 11 March 2007 17:08, Pierre Bernhardt wrote:
Hello,

the signature file don't corrospond to the file:

$ /cygdrive/c/Programme/Internet/GnuPT/GPG/gpg.exe -d
winbacula-2.0.3.exe.sig gpg: Signature made 03/01/07 10:03:11 using DSA key
ID 10A792AD
gpg: BAD signature from "Bacula Distribution Verification Key
(www.bacula.org)"

$ /cygdrive/c/Programme/Internet/GnuPT/GPG/gpg.exe --print-md md5
winbacula-2.0 .3.exe winbacula-2.0.3.exe.sig
winbacula-2.0.3.exe: 0E D2 E6 6F 15 F5 9E 60 DC FB 0A 88 31 E2 71 7F
winbacula-2.0.3.exe.sig: 57 71 4F 53 AE 02 6E BC 5F 5A 14 B8 42 29 6B 90

Check for modification please.

What's wrong?

We use public/private key cryptographic signatures rather than simple md5 hash
codes. It is much more secure.

Please read the "Latest News" from 2003 entitled "Distribution Verification"
and "Bacula Distribution Public Key" that on on the main Bacula page of
Source Forge.

Pierre Bernhardt

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share
your opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Bacula-users mailing list
Bacula-users < at > li...
https://lists.sourceforge.net/lists/listinfo/bacula-users

Sun Mar 11, 2007 1:49 pm

Guest

winbacula 2.0.3 signature alert

Kern Sibbald schrieb:
On Sunday 11 March 2007 17:08, Pierre Bernhardt wrote:
Hello,
Hi,

the signature file don't corrospond to the file:

$ /cygdrive/c/Programme/Internet/GnuPT/GPG/gpg.exe -d
winbacula-2.0.3.exe.sig gpg: Signature made 03/01/07 10:03:11 using DSA key
ID 10A792AD
gpg: BAD signature from "Bacula Distribution Verification Key
(www.bacula.org)"
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

$ /cygdrive/c/Programme/Internet/GnuPT/GPG/gpg.exe --print-md md5
winbacula-2.0 .3.exe winbacula-2.0.3.exe.sig
winbacula-2.0.3.exe: 0E D2 E6 6F 15 F5 9E 60 DC FB 0A 88 31 E2 71 7F
winbacula-2.0.3.exe.sig: 57 71 4F 53 AE 02 6E BC 5F 5A 14 B8 42 29 6B 90

Check for modification please.

What's wrong?

We use public/private key cryptographic signatures rather than simple md5 hash
codes. It is much more secure.
Your wrong. The md5 is only for a test on server side. If you look above you can
see the that the public key 0x10A792AD match not with the file and the sig.

MfG...
Pierre Bernhardt

Sun Mar 11, 2007 2:22 pm

Guest

winbacula 2.0.3 signature alert

Pierre Bernhardt schrieb:
Hello,

the signature file don't corrospond to the file:

$ /cygdrive/c/Programme/Internet/GnuPT/GPG/gpg.exe -d winbacula-2.0.3.exe.sig
gpg: Signature made 03/01/07 10:03:11 using DSA key ID 10A792AD
gpg: BAD signature from "Bacula Distribution Verification Key (www.bacula.org)"
Hello,

can any check this please? Did I have a infected binary gotten?

$ /cygdrive/c/Programme/Internet/GnuPT/GPG/gpg.exe --print-md md5 winbacula-2.0
.3.exe winbacula-2.0.3.exe.sig
winbacula-2.0.3.exe: 0E D2 E6 6F 15 F5 9E 60 DC FB 0A 88 31 E2 71 7F
winbacula-2.0.3.exe.sig: 57 71 4F 53 AE 02 6E BC 5F 5A 14 B8 42 29 6B 90

Check for modification please.

What's wrong?

Pierre Bernhardt

Mon Mar 12, 2007 6:06 pm

Guest

winbacula 2.0.3 signature alert

[ Sorry, meant to send it to the list ]

On 3/12/07, Pierre Bernhardt <pierre < at > st...> wrote:
Pierre Bernhardt schrieb:
Hello,

the signature file don't corrospond to the file:

$ /cygdrive/c/Programme/Internet/GnuPT/GPG/gpg.exe -d winbacula-2.0.3.exe.sig
gpg: Signature made 03/01/07 10:03:11 using DSA key ID 10A792AD
gpg: BAD signature from "Bacula Distribution Verification Key (www.bacula.org)"
Hello,

can any check this please? Did I have a infected binary gotten?

Well, none of my AV have seen any signs of infection, but I'm also
seeing the check fail.

--
Please keep list traffic on the list.

Rob MacGregor
Whoever fights monsters should see to it that in the process he
doesn't become a monster. Friedrich Nietzsche

Mon Mar 12, 2007 6:32 pm

The time now is Fri May 25, 2012 2:12 am | All times are GMT - 8 Hours

Page 1 of 1

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum