Can I see the checksum when I sign/verify a file?

David Shaw dshaw at jabberwocky.com
Thu May 4 17:10:43 CEST 2006


On Thu, May 04, 2006 at 10:42:27AM -0400, feitao wrote:
> Hi,
> 
> I wonder if I can actually see the sha1/md5 checksum when I sign/verify a
> file. That is, when
>   gpg -s -e somefile
>   gpg -d somefile.gpg
> is there an option to print out the checksum when signing/verifying the
> file? (not --print-mds to calculate it again)

There isn't.  Note that the hash that is used when making a signature
is not the same one that you'd get when using something like
--print-md anyway.  There are timestamps, subpackets, etc, in the hash
used in the signature.  --print-md is a raw hash of just the file.

> And how can I choose the hash method (sha1 or md5) when signing?

--personal-digest-prefs takes a list of hash algorithms.  It will pick
the first one that is usable for your signature type.

Don't use md5.

David



More information about the Gnupg-users mailing list