<div dir="auto">Thank you very much for valuable reply , I'll check them out. <div dir="auto"><br></div><div dir="auto">Regards,</div><div dir="auto">Vishal Rana </div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sat, 23 Apr 2022, 12:16 am Werner Koch, <<a href="mailto:wk@gnupg.org">wk@gnupg.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On Tue, 19 Apr 2022 15:52, Vishal Rana said:<br>
<br>
> Digital signature verification is failing. Getting "*Bad signature*" error.<br>
> How to debug this??<br>
<br>
gpg --debug hashing --verify ..<br>
<br>
Creates files with the actual hashed data - compare them to thoe create<br>
by the signing process.<br>
<br>
> But observation is generated signature,"image.sig" files on both scenarios<br>
> are different. means hexdump for image.sig in both scenario is different.<br>
<br>
Sure they are. Please read up on digital signature algorithms. See also<br>
this status code we emit:<br>
<br>
*** SIG_ID <radix64_string> <sig_creation_date> <sig-timestamp><br>
This is emitted only for signatures of class 0 or 1 which have<br>
been verified okay. The string is a signature id and may be used<br>
in applications to detect replay attacks of signed messages. Note<br>
that only DLP algorithms give unique ids - others may yield<br>
duplicated ones when they have been created in the same second.<br>
<br>
Note, that SIG-TIMESTAMP may either be a number of seconds since<br>
Epoch or an ISO 8601 string which can be detected by the presence<br>
of the letter 'T'.<br>
<br>
<br>
Salam-Shalom,<br>
<br>
Werner<br>
<br>
<br>
-- <br>
The pioneers of a warless world are the youth that<br>
refuse military service. - A. Einstein<br>
</blockquote></div>