Signature Question

David Shaw dshaw at
Tue Sep 16 00:26:09 CEST 2008

On Sep 15, 2008, at 9:22 AM, Clough, Samuel (USPC.PRG.Atlanta) wrote:

> We recently moved our gpg processes from one server to another.  On  
> the new server, I installed the latest gpg build.  After that, one  
> vendor starting saying the signature on our files was bad.  I  
> checked and checked and gpg declared we were still signing them.  I  
> checked the gpg output between the old and new servers and found  
> that the new server was saying DSA/SHA signature applied whereas the  
> old version simply said DSA signature applied.  I rolled back to the  
> older version (1.2.1) and the vendor reported that our signatures  
> looked good.  I haven’t seen anything in the notes or man page about  
> different signature methods.  Could someone explain to me what  
> changed with signing files?

Not enough information to say.  Please show an example of an old  
signature, and a new signature.  It has nothing to do with "DSA" or  
"DSA/SHA".  That's just a human-readable message.  Unless you did  
special configuration, all DSA signatures are DSA/SHA.


More information about the Gnupg-users mailing list