gpg 1.4.x and 2.0.x differ in output with --with-colons --check-sigs
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri Jul 12 17:49:00 CEST 2013
Hi GnuPG folks--
It looks to me like gpg and gpg2 differ in output when using
--with-colons --check-sigs:
0 dkg at alice:~$ diff -u <(gpg --check-sigs --with-colons ssh://che.mayfirst.org) <(gpg2 --check-sigs --with-colons ssh://che.mayfirst.org)
--- /dev/fd/63 2013-07-12 11:38:20.492341784 -0400
+++ /dev/fd/62 2013-07-12 11:38:20.492341784 -0400
@@ -1,5 +1,5 @@
tru::1:1373556281:1373770620:3:1:5
pub:f:2048:1:6D55BC121C106C76:1267149023:::-:::caCA:
uid:f::::1267149023::FA9BB45DEC38693028E39E41D8BDD5A9D6234406::ssh\x3a//che.mayfirst.org:
-sig:!::1:6D55BC121C106C76:1267149023::::ssh\x3a//che.mayfirst.org:13x:
-sig:!::1:CCD2ED94D21739E9:1267149081::::Daniel Kahn Gillmor <dkg at fifthhorseman.net>:10x:
+sig:!::1:6D55BC121C106C76:1267149023::::ssh\x3a//che.mayfirst.org:13x:::::8:
+sig:!::1:CCD2ED94D21739E9:1267149081::::Daniel Kahn Gillmor <dkg at fifthhorseman.net>:10x:::::10:
1 dkg at alice:~$
in particular, gpg 2.0.20 supplies field 16 for the sig lines, which
(according to DETAILS) is the hash algorithm of the signature, but gpg
1.4.12 does not. (8 is SHA-256, 10 is SHA-512). Is this an intentional
difference?
Is there any reason to avoid having 1.4.x produce this field as well?
Regards,
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 965 bytes
Desc: not available
URL: </pipermail/attachments/20130712/4187524e/attachment.sig>
More information about the Gnupg-devel
mailing list