gpg 1.4.x and 2.0.x differ in output with --with-colons --check-sigs

Daniel Kahn Gillmor dkg at
Fri Jul 12 17:49:00 CEST 2013

Hi GnuPG folks--

It looks to me like gpg and gpg2 differ in output when using
--with-colons --check-sigs:

0 dkg at alice:~$ diff -u <(gpg --check-sigs --with-colons ssh:// <(gpg2 --check-sigs --with-colons ssh://
--- /dev/fd/63	2013-07-12 11:38:20.492341784 -0400
+++ /dev/fd/62	2013-07-12 11:38:20.492341784 -0400
@@ -1,5 +1,5 @@
-sig:!::1:CCD2ED94D21739E9:1267149081::::Daniel Kahn Gillmor <dkg at>:10x:
+sig:!::1:CCD2ED94D21739E9:1267149081::::Daniel Kahn Gillmor <dkg at>:10x:::::10:
1 dkg at alice:~$ 

in particular, gpg 2.0.20 supplies field 16 for the sig lines, which
(according to DETAILS) is the hash algorithm of the signature, but gpg
1.4.12 does not.  (8 is SHA-256, 10 is SHA-512).  Is this an intentional

Is there any reason to avoid having 1.4.x produce this field as well?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 965 bytes
Desc: not available
URL: </pipermail/attachments/20130712/4187524e/attachment.sig>

More information about the Gnupg-devel mailing list