Hello,
Problem: When I attempt to verify the signature of the Wireshark
3.2.2 Windows installer (64-bit), I receive a message that the
signature is invalid. I expected a good signature. Is this a known
issue?
Windows 10 Pro Version 1903 Build 18362.657 64 bit
Gpg4win 3.1.11
Attempting to install Wireshark 3.2.2 (Windows 64-bit)
Details and Steps to Reproduce:
1) Went to https://www.wireshark.org/download.html and downloaded
the Windows Installer (64-bit) for Wireshark version 3.2.2; saved
the .exe to my desktop with the name Wireshark-win64-3.2.2
2) Went to
https://www.wireshark.org/download/gerald_at_wireshark_dot_org.gpg
, selected all of the text, copied it, pasted it into a notepad
file, and saved it as an .asc file to my desktop with the name
Wireshark-Code-Signing-Key
3) Successfully imported the key from step 2 into Kleopatra by
using File>Import
4) Went to https://www.wireshark.org/download/SIGNATURES-3.2.2.txt
, selected all of the text beginning with and including
“-----BEGIN PGP SIGNATURE-----“ and ending with and including
“-----END PGP SIGNATURE-----“, copied it, pasted it into a notepad
file, and saved it as an .asc file to my desktop with the name
Wireshark-win64-3.2.2.exe
5) Right-clicked the Windows installer (64-bit) .exe file saved to
my desktop, selected “More GpgEX options”>Verify
6) In the next window that appears, it contains the following
message: Verified ‘Wireshark-win64-3.2.2.exe’ with
‘Wireshark-win64-3.2.2.exe.asc’: Invalid signature. With
certificate: Gerald Combs gerald@xxxxxxxxxxxxx (8224 4A78 E6FE
AEEA) The signature is invalid: Bad signature