signature verification in 1.0?
Werner Koch
wk@gnupg.org
Thu, 16 Sep 1999 11:03:03 +0200
Steve Nunez <snunez@tibco.com> writes:
> dev% gpg --clearsign foo
>
> so far, so good. I've now got a foo.asc file, just like in
> mailcrypt. Now try to verify the signature:
Are you sure, that you didn't edit the foo.asc file?
> dev% gpg --verify foo.asc
> gpg: Signature made Tue Sep 14 16:51:30 1999 SGT using DSA key ID A901627E
> gpg: BAD signature from "Steven Nunez (Tibco email account) <snunez@tibco.com>"
$ cat -e foo.asc
-----BEGIN PGP SIGNED MESSAGE-----$
Hash: SHA1$
This is a test of gpg signing.$
[...]
I added the "Hash: SHA1" line and could verify the file. I also
tested that this header line is created when you do a --clearsign.
The presense of the hash line is important, because a missing Hash
line indicates the PGP 2 compatibility
--
Werner Koch at guug.de www.gnupg.org keyid 621CC013