md5sum for egd, gnupg

Neil Williams linux@codehelp.co.uk
Wed Aug 13 20:20:02 2003 

--Boundary-02=_9HoO/KPDMoSxaIT
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Description: signed data
Content-Disposition: inline

On Wednesday 13 Aug 2003 6:33 pm, Ross Druker wrote:
> Hi,
> I'm trying to verify the md5sum for egd.  When I download the sum file fr=
om
> this page:
> http://www.gnupg.org/(en)/download/index.html

The md5sum isn't downloaded, it's generated on your own system from the fil=
e=20
you've downloaded and then compare it digit by digit with the printed md5su=
m=20
on the webpage.

$ md5sum <filename>

In your case it could be:
$ md5sum egd-0.8.tar.gz

What's you've download is, as it says, the PGP Signature block. This is an=
=20
ASCII or binary signature made from the file. It is more rigorous than md5=
=20
because the signature can be dated and verifiably attributed to a particula=
r=20
person as well as eliminating the possible problem of md5 not catching=20
certain amendments to the file - IIRC it is possible for two files to have=
=20
the same md5?

To verify the PGP signature, you need to have GnuPG or PGP installed, then=
=20
use:

gpg --verify egd-0.8.tar.gz.asc

> This does not match at all with what md5sum displays for the actual file,
> nor does the content even look right.

It isn't anything to do with md5 - that's why.

> I asked another user to try and he couldn't even display this in his
> browser. He had to download it.  Then, when he tried to display it, it was
> binary.
>
> I get the same problem with the md5sum file for gnupg, but at least its s=
um
> is posted on another page, so I could use that.
>
> Anybody know what the problem is?  I did notice that the gnupg file ends =
in
> .sig, which the egd file ends in .asc.

PGP signatures can end in .sig or .asc - there isn't an md5 file.

> Thanks,
> Ross

=2D-=20

Neil Williams
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
http://www.codehelp.co.uk
http://www.dclug.org.uk

http://www.biglumber.com/x/web?qs=3D0x8801094A28BCB3E3

--Boundary-02=_9HoO/KPDMoSxaIT
Content-Type: application/pgp-signature
Content-Description: signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQA/OoH9iAEJSii8s+MRAqrpAJwI0EyYfx8tg7c1XgE+HfEwSN7xMwCgyM+b
Eu7QAbgUAtwMhPiqWNNq3+8=
=md5r
-----END PGP SIGNATURE-----

--Boundary-02=_9HoO/KPDMoSxaIT--