Gradle Signing Plugin

If you’ve hit this page, it is probably because you’ve seen this error:

$ gpg --verify secretshare-1.3.1-SNAPSHOT.jar.asc secretshare-1.3.1-SNAPSHOT.jar
gpg: Signature made Wed 04 Jun 2014 03:01:00 PM CDT using DSA key ID FC76F04F
gpg: DSA key FC76F04F requires a 256 bit or larger hash
gpg: Can't check signature: general error

The problem is internal “rules” with DSA signatures prevent gpg from performing the verify operation on a signature that was “too small” at creation.

I have no idea how to convince gradle to change its “signature generation parameter”.

Instead, my fix was to generate another key with $ gpg –gen-key, and this time, when asked about the DSA size, instead of picking the default 2048, I picked 1024.

Everything verifies now.

This entry was posted in Software Project. Bookmark the permalink.

Comments are closed.