Control: retitle -1 signing-party: gpgsigs(1) doesn't fill in partially filled Checksum lines Control: tag -1 wishlist
Hi,
On Wed, 30 May 2018 at 23:18:55 +0200, Uwe Kleine-König wrote:
> uwe@taurus:~/tmp$ gpgsigs 0D2511F322BFAB1C1580266BE2DCDD9132669BD6
> uwesparty.txt | grep -A2 "SHA256 Ch"
> Running --list-sigs, this may take a while .
> Annotating uwesparty.txt, writing into -
> SHA256 Checksum: 7F18 DB92 B265 CF92 9938 B4F7 5D80 999C
>
> 6697 1C2F 3DC9 D086 ACB8 469F 4A7C C7EE [ ]
>
> (but this isn't really useful because the checksum is wrong).
How so? What checksum were you expecting there?
$ sha256sum uwesparty.txt
7f18db92b265cf929938b4f75d80999c66971c2f3dc9d086acb8469f4a7cc7ee
uwesparty.txt
> With gpgsigs/stretch it works fine.
It was never designed this way, so I don't consider the new behavior to
be a regression hence downgraded the severity to ‘wishlist’. In fact
gpgsigs from signing-party 2.5-1 prints a warning and fills in the wrong
fingerprint:
$ gpgsigs 0D2511F322BFAB1C1580266BE2DCDD9132669BD6 uwesparty.txt.01bdf8 |
grep -A2 "SHA256 Ch"
Running --list-sigs, this may take a while .
Annotating uwesparty.txt.01bdf8, writing into -
Redundant argument in sprintf at gpgsigs line 402, <TXT> line 27.
SHA256 Checksum: 01BD F801 BDF8 B438 F326 6A35 C887 E6E1
AC66 45F8 D486 0A85 486E 6EA4 0EBB 3A73
[ ]
$ sha256sum uwesparty.txt.01bdf8
01bdf8b438f3266a35c887e6e1ac6645f8d4860a85486e6ea40ebb3a73f59fdd
uwesparty.txt.01bdf8
That is, you have the first 3 digests bytes (6 hexdigits) followed with
digest bytes 0-28. Thus bytes 0-2 are repeated and bytes 29-31 are
missing.
Cheers,
--
Guilhem.
signature.asc
Description: PGP signature

