If you’ve hit this page, it is probably because you’ve seen this error:
$ gpg --verify secretshare-1.3.1-SNAPSHOT.jar.asc secretshare-1.3.1-SNAPSHOT.jar gpg: Signature made Wed 04 Jun 2014 03:01:00 PM CDT using DSA key ID FC76F04F gpg: DSA key FC76F04F requires a 256 bit or larger hash gpg: Can't check signature: general error
The problem is internal “rules” with DSA signatures prevent gpg from performing the verify operation on a signature that was “too small” at creation.
I have no idea how to convince gradle to change its “signature generation parameter”.
Instead, my fix was to generate another key with $ gpg –gen-key, and this time, when asked about the DSA size, instead of picking the default 2048, I picked 1024.
Everything verifies now.