[cross post] Why does verification of a detached signature result in a “Message digest did not match” error for OpenPGP.js?

Ingo Klöcker kloecker at kde.org
Sat Nov 28 16:38:27 CET 2020

On Freitag, 27. November 2020 23:52:27 CET cqcallaw via Gnupg-users wrote:
> I can sign and verify a test file through `gpg` without issue, but verifying
> the signature through OpenGPG.js fails with the error, "Message digest did
> not match." Why is this?

Could be a problem with text mode vs. non-text mode. By default, gpg uses non-
text mode when signing something. Try adding --textmode to gpg's command line.

> let msg = await openpgp.cleartext.fromText(msg_data);

This is just a wild guess, but fromText() could imply text mode in OpenPGP.js.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20201128/070028d7/attachment.sig>

More information about the Gnupg-users mailing list