signature verification in 1.0?

Steve Nunez snunez@tibco.com
Thu, 16 Sep 1999 17:33:41 +0800 (SGT) 

I'm positive I didn't edit the file. In fact, I just did it again and
there isn't any "Hash: SHA1$" line at all in the message. See listing
below (I had to create a new foo file, I deleted the last one I gave
you). Why would your version of gpg create this header line, but not
mine? I haven't edited the code at all.

	- SteveN


tibdev45% gpg --clearsign foo

You need a passphrase to unlock the secret key for
user: "Steven Nunez (Tibco email account) <snunez@tibco.com>"
1024-bit DSA key, ID A901627E, created 1999-09-14

tibdev45% less foo.asc
-----BEGIN PGP SIGNED MESSAGE-----


This is a test of gpg signing.$

        - SteveN

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (SunOS)
Comment: For info see http://www.gnupg.org

iD8DBQE34LiC9yAwPKkBYn4RAlGSAJ9J9AZaZQckOo9J9lbs/LhrfaLSLQCdHMyV
D3U+L0M3HurYwKJiFi9GgOc=
=7kQU
-----END PGP SIGNATURE-----
tibdev45% gpg --verify foo.asc
gpg: Signature made Thu Sep 16 17:29:38 1999 SGT using DSA key ID A901627E
gpg: BAD signature from "Steven Nunez (Tibco email account) <snunez@tibco.com>"
tibdev45% 



>>>>> "Werner" == Werner Koch <wk@gnupg.org> writes:


    Werner> Steve Nunez <snunez@tibco.com> writes:
    >> dev% gpg --clearsign foo
    >> 
    >> so far, so good. I've now got a foo.asc file, just like in
    >> mailcrypt. Now try to verify the signature:

    Werner> Are you sure, that you didn't edit the foo.asc file?

    >> dev% gpg --verify foo.asc gpg: Signature made Tue Sep 14
    >> 16:51:30 1999 SGT using DSA key ID A901627E gpg: BAD signature
    >> from "Steven Nunez (Tibco email account) <snunez@tibco.com>"


    Werner> $ cat -e foo.asc -----BEGIN PGP SIGNED MESSAGE-----$ Hash:
    Werner> SHA1$

    Werner> This is a test of gpg signing.$

    Werner> [...]

    Werner> I added the "Hash: SHA1" line and could verify the file.
    Werner> I also tested that this header line is created when you do
    Werner> a --clearsign.

    Werner> The presense of the hash line is important, because a
    Werner> missing Hash line indicates the PGP 2 compatibility


    Werner> -- Werner Koch at guug.de www.gnupg.org keyid 621CC013