Digital Signature Verification
Vishal Rana
vishal.rana118 at gmail.com
Sat Apr 23 04:02:08 CEST 2022
Thank you very much for valuable reply , I'll check them out.
Regards,
Vishal Rana
On Sat, 23 Apr 2022, 12:16 am Werner Koch, <wk at gnupg.org> wrote:
> On Tue, 19 Apr 2022 15:52, Vishal Rana said:
>
> > Digital signature verification is failing. Getting "*Bad signature*"
> error.
> > How to debug this??
>
> gpg --debug hashing --verify ..
>
> Creates files with the actual hashed data - compare them to thoe create
> by the signing process.
>
> > But observation is generated signature,"image.sig" files on both
> scenarios
> > are different. means hexdump for image.sig in both scenario is different.
>
> Sure they are. Please read up on digital signature algorithms. See also
> this status code we emit:
>
> *** SIG_ID <radix64_string> <sig_creation_date> <sig-timestamp>
> This is emitted only for signatures of class 0 or 1 which have
> been verified okay. The string is a signature id and may be used
> in applications to detect replay attacks of signed messages. Note
> that only DLP algorithms give unique ids - others may yield
> duplicated ones when they have been created in the same second.
>
> Note, that SIG-TIMESTAMP may either be a number of seconds since
> Epoch or an ISO 8601 string which can be detected by the presence
> of the letter 'T'.
>
>
> Salam-Shalom,
>
> Werner
>
>
> --
> The pioneers of a warless world are the youth that
> refuse military service. - A. Einstein
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20220423/617e270f/attachment.html>
More information about the Gnupg-users
mailing list