md5sum for egd, gnupg
Wed Aug 13 20:20:02 2003
Content-Description: signed data
On Wednesday 13 Aug 2003 6:33 pm, Ross Druker wrote:
> I'm trying to verify the md5sum for egd. When I download the sum file fr=
> this page:
The md5sum isn't downloaded, it's generated on your own system from the fil=
you've downloaded and then compare it digit by digit with the printed md5su=
on the webpage.
$ md5sum <filename>
In your case it could be:
$ md5sum egd-0.8.tar.gz
What's you've download is, as it says, the PGP Signature block. This is an=
ASCII or binary signature made from the file. It is more rigorous than md5=
because the signature can be dated and verifiably attributed to a particula=
person as well as eliminating the possible problem of md5 not catching=20
certain amendments to the file - IIRC it is possible for two files to have=
the same md5?
To verify the PGP signature, you need to have GnuPG or PGP installed, then=
gpg --verify egd-0.8.tar.gz.asc
> This does not match at all with what md5sum displays for the actual file,
> nor does the content even look right.
It isn't anything to do with md5 - that's why.
> I asked another user to try and he couldn't even display this in his
> browser. He had to download it. Then, when he tried to display it, it was
> I get the same problem with the md5sum file for gnupg, but at least its s=
> is posted on another page, so I could use that.
> Anybody know what the problem is? I did notice that the gnupg file ends =
> .sig, which the egd file ends in .asc.
PGP signatures can end in .sig or .asc - there isn't an md5 file.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
-----END PGP SIGNATURE-----