Bad signatures issued on macOS
John Soo
john.soo+gnupg-users at arista.com
Thu Feb 12 18:48:54 CET 2026
Hi Werner, thank you!
Attached is the result of a good and a bad signature using the attached
script. I see no difference in the trailer or signed data or swdb.lst.
Do you have any ideas what might be going on?
Thank you,
John
On Thu, Jan 29, 2026 at 2:49 AM Werner Koch <wk at gnupg.org> wrote:
> On Wed, 28 Jan 2026 10:38, John Soo said:
> > Thanks Werner!
> >
> > I tried with -v --debug hashing and the content for hashing was not
> > printed, is there another flag I need to use?
>
> Let's see using some arbitrary signature
>
> $ gpg --verify --debug hashing swdb.lst.sig swdb.lst
>
> gpg: reading options from '/home/wk/.gnupg/gpg.conf'
> gpg: reading options from '[cmdline]'
> gpg: reading options from '/home/wk/.gnupg/common.conf'
> gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
> gpg: It is only intended for test purposes and should NOT be
> gpg: used in a production environment or with production keys!
> gpg: enabled debug flags: hashing
> gpg: enabled compatibility flags:
> gpg: Signature made Fri 23 Feb 2024 02:34:37 PM CET
> gpg: using EDDSA key 6DAA6E64A76D2840571B4902528897B826403ADA
> gpg: using pgp trust model
> gpg: please do a --check-trustdb
> gpg: Good signature from "Werner Koch (dist signing 2020)" [ultimate]
> gpg: binary signature, digest algorithm SHA256, key algorithm ed25519
> gpg: secmem usage: 0/32768 bytes in 0 blocks
>
> $ ls -lt | head -3
> total 29839972
> -rw-r--r-- 1 wk wk 4725 Jan 29 10:44 dbgmd-00001.verify
> -rw-r--r-- 1 wk wk 41 Jan 29 10:44 dbgmd-00002.unknown
>
> dbgmd-00001.verify is the same as swdb.lst
> dbgmd-00002.unknown is the trailer hashed after swdb.lst.
>
> When creating the signature you should have seen
> dbgmd-00001.sign with the to be signed data
> dbgmd-00001.unknown with the trailer.
>
> dbgmd-00001.unknown gets overwritten so you need to store it away for
> later comparing.
>
>
> Salam-Shalom,
>
> Werner
>
>
> --
> The pioneers of a warless world are the youth that
> refuse military service. - A. Einstein
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: invalid-sigs-macos.tar
Type: application/x-tar
Size: 10240 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20260212/34ec07f8/attachment.tar>
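Added example, not code from the thread or from GnuPG: one way to do the comparison discussed above, once the dbgmd-* files from a good and a bad signing run have been copied into two separate directories before the next run overwrites them. The directory arguments and SAMPLE are constructed for illustration, and the trailer layout is assumed to be the OpenPGP v4 one from RFC 4880, section 5.2.4.

```python
import struct
from pathlib import Path

def first_diff(a: bytes, b: bytes):
    """Offset of the first differing byte, or None when a == b."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return None if len(a) == len(b) else min(len(a), len(b))

def compare_runs(good_dir, bad_dir):
    """Compare same-named dbgmd-* dumps stashed from two signing runs."""
    good, bad = Path(good_dir), Path(bad_dir)
    names = {p.name for d in (good, bad) for p in d.glob("dbgmd-*")}
    report = {}
    for name in sorted(names):
        g, b = good / name, bad / name
        if not (g.is_file() and b.is_file()):
            report[name] = "missing in one run"
            continue
        off = first_diff(g.read_bytes(), b.read_bytes())
        report[name] = "identical" if off is None else f"differs at byte {off}"
    return report

def parse_v4_trailer(data: bytes):
    """Decode the v4 signature fields that are hashed after the document.

    Assumed layout (RFC 4880, section 5.2.4): version, signature class,
    public-key algorithm, hash algorithm, 2-byte hashed-subpacket length,
    the hashed subpackets, then 0x04 0xFF and a 4-byte big-endian count of
    all bytes before that final 6-byte trailer.
    """
    if len(data) < 12:
        raise ValueError("too short for a v4 trailer")
    version, sigclass, pkalgo, mdalgo, sublen = struct.unpack(">BBBBH", data[:6])
    end = 6 + sublen
    if version != 4 or len(data) != end + 6 or data[end:end + 2] != b"\x04\xff":
        raise ValueError("not a well-formed v4 trailer")
    (hashed_len,) = struct.unpack(">I", data[end + 2:])
    if hashed_len != end:
        raise ValueError("length field does not match hashed data")
    return {"sigclass": sigclass, "pubkey_algo": pkalgo, "digest_algo": mdalgo,
            "hashed_subpackets": data[6:end]}

# Constructed sample: binary signature (0x00), EdDSA (22), SHA256 (8),
# one creation-time subpacket (type 2).
SAMPLE = (bytes([4, 0x00, 22, 8, 0, 6, 5, 2]) + struct.pack(">I", 1700000000)
          + b"\x04\xff" + struct.pack(">I", 12))
```

If every dump pair is reported identical and the trailer decodes cleanly, the hashed input matched between the two runs.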