Digital Signature Verification
Werner Koch
wk at gnupg.org
Fri Apr 22 20:45:54 CEST 2022
On Tue, 19 Apr 2022 15:52, Vishal Rana said:
> Digital signature verification is failing. Getting "*Bad signature*" error.
> How to debug this??
gpg --debug hashing --verify ..
Creates files with the actual hashed data - compare them to thoe create
by the signing process.
> But observation is generated signature,"image.sig" files on both scenarios
> are different. means hexdump for image.sig in both scenario is different.
Sure they are. Please read up on digital signature algorithms. See also
this status code we emit:
*** SIG_ID <radix64_string> <sig_creation_date> <sig-timestamp>
This is emitted only for signatures of class 0 or 1 which have
been verified okay. The string is a signature id and may be used
in applications to detect replay attacks of signed messages. Note
that only DLP algorithms give unique ids - others may yield
duplicated ones when they have been created in the same second.
Note, that SIG-TIMESTAMP may either be a number of seconds since
Epoch or an ISO 8601 string which can be detected by the presence
of the letter 'T'.
Salam-Shalom,
Werner
--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20220422/fd4c0a96/attachment.sig>
More information about the Gnupg-users
mailing list