verifying hashes with Gnupg
John Ruff
jcruff at gmail.com
Thu Jul 22 07:22:36 CEST 2010
On Jul 21, 2010, at 10:52 AM, vedaal at nym.hush.com wrote:
> MFPA expires2010 at ymail.com wrote on
> Wed Jul 21 01:49:01 CEST 2010 :
>
>>> Why would you want to use gnupg for this if md5sum,
>>> sha1sum, sha256sum, etc. are available for most
>>> systems?
>
>> Maybe he wanted to check if an app he already installed would
> perform
>> this function before downloading another app to do it?
>
> Much simpler reason ;-(
>
> windows command line doesn't recognize it (without cygwin)
>
>
not sure what version this was made available, but the '--print-md
<algo>' option to gpg will generate a hash, albeit you must visually
validate.
$ gpg --print-md SHA1 10MB.dat
10MB.dat: 8C20 6A1A 8759 9F53 2CE6 8675 536F 0B15 4690 0D7A
$ openssl sha1 10MB.dat
SHA1(10MB.dat)= 8c206a1a87599f532ce68675536f0b1546900d7a
$ gpg --print-md SHA512 10MB.dat
10MB.dat: 868D3A19 0F272375 8D1A6449 8A4AC1F1 4B0297E1 6E731A0E EC3A446B
775C65CB 8428AB33 140CEE13 EF51E7BB 3764B5FF 1900CFB3
42A3DBF3
FCC41DD6 CDD9FCEA
$ openssl dgst -sha512 10MB.dat
SHA512(10MB.dat)=
868d3a190f2723758d1a64498a4ac1f14b0297e16e731a0eec3a446b775c65cb8428ab33140cee13ef51e7bb3764b5ff1900cfb342a3dbf3fcc41dd6cdd9fcea
___________________
Chris Ruff
jcruff at gmail.com
GPG Key: 0x307A351B4EC4B6A1
FGPR: BF2F 2497 22E7 FEB5 C805
075C 307A 351B 4EC4 B6A1
"No one can see past a choice they don't understand." --The Oracle
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 527 bytes
Desc: This is a digitally signed message part
URL: </pipermail/attachments/20100722/819dcd1c/attachment.pgp>
More information about the Gnupg-users
mailing list