Question on Kyber Encryption (Key Gen)

Damien Goutte-Gattat dgouttegattat at incenp.org
Sat Nov 2 00:21:07 CET 2024


On Friday, 1 November 2024 10:20:14 GMT Jakob Bohm via Gnupg-users wrote:
> Unless the speedo make target actively checks each download against a
> strong hash stored in the initial gnupg tarball

It does, actually.

More precisely, it checks each download against a strong hash stored in a swdb.lst file. Granted, that file is not in the original tarball and is instead downloaded from an online source, but its signature is verified against GnuPG’s release signing key, which IS in the original tarball (g10/distsigkey.gpg).

- Damien
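
The chain of trust described in the message above, sketched as an added example; it is not part of the original post and is not code from the GnuPG build system. Assumptions: the list uses "name value" lines with a `<package>_sha2` entry, the strong hash is SHA-256, and the package name, file paths and sample data are constructed.

```python
import hashlib
import hmac
import subprocess

# Constructed sample data: the package name and tarball bytes are made up,
# and the "name value" line layout with a "_sha2" suffix is an assumption.
SAMPLE_TARBALL = b"constructed tarball bytes\n"
SAMPLE_LIST = (
    "# constructed sample list\n"
    "examplepkg_ver 1.0\n"
    f"examplepkg_sha2 {hashlib.sha256(SAMPLE_TARBALL).hexdigest()}\n"
)


def list_is_signed(list_path, sig_path, keyring_path):
    """Step 1: trust the downloaded list only if gpgv validates its detached
    signature against the keyring that shipped in the original tarball.
    Pass keyring_path with a directory part so gpgv uses that exact file."""
    try:
        result = subprocess.run(
            ["gpgv", "--keyring", keyring_path, sig_path, list_path],
            capture_output=True,
        )
    except FileNotFoundError:
        return False  # no gpgv available: fail closed
    return result.returncode == 0


def parse_list(text):
    """Step 2: read 'name value' lines; reject duplicates so a second,
    conflicting entry cannot shadow the first."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        if key in entries:
            raise ValueError(f"duplicate entry {key!r}")
        entries[key] = value.strip()
    return entries


def download_is_trusted(entries, package, data):
    """Step 3: accept a download only if its SHA-256 matches the list."""
    expected = entries.get(f"{package}_sha2")
    if not expected:
        return False  # no hash recorded for this package: fail closed
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected.lower())
```

The hash comparison in step 3 is only as trustworthy as the list, so it should run only after `list_is_signed` has returned true for that list.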