bad signature then good signature

xmrbtc · July 3, 2019, 8:07pm

while downloading the whonix images and signautre, the .asc file completed but the .xz was still downloading

i tried to run gpg --verify Whonix*.asc and I got the “bad signature”, but it shows that it was signed by hulahoop and the time and everything.

when the download for .xz finished i ran gpg --verify again and I got good signature.

is this correct? or did I download malware that changes pgp keys?

madaidan · July 3, 2019, 8:10pm

It’s fine. The download wasn’t finished yet so it couldn’t verify it properly.

xmrbtc · July 3, 2019, 8:18pm

thanks boss. that is what i figured i just wanted to double check with the experts