Hi Guys, I'm new to GPG so I'm not sure if this is a problem or if it's by design, but it's possible to modify a clearsigned message/document and still have it verify. When I sign a document GPG adds the two header lines "-----BEGIN PGP SIGNED MESSAGE-----" and "Hash: SHA1" followed by a blank line. I can add any text I wish into the blank line without affecting the verification of the signature. Changing anything else breaks verification.
Is this behaviour by design? Are GPG users supposed to be aware that this line is untrusted?

Andy.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
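
A check a recipient or mail filter could run before trusting what is displayed, added here as an example and not part of the original post or of GnuPG: it separates the armor-header region of a clearsigned message from the signed text and reports any header-region line that is not a `Hash:` header. It assumes the strict RFC 4880 section 7 layout (BEGIN line, `Hash:` headers, one empty line); the function name and the sample messages are constructed, and it does not verify the signature itself.

```python
import re

BEGIN = "-----BEGIN PGP SIGNED MESSAGE-----"
SIG = "-----BEGIN PGP SIGNATURE-----"
# Only "Hash: ALGO[, ALGO...]" is expected between BEGIN and the empty line.
HASH_HEADER = re.compile(r"^Hash: [A-Za-z0-9-]+(\s*,\s*[A-Za-z0-9-]+)*$")


def split_clearsigned(text):
    """Return (untrusted_header_lines, signed_lines) for one clearsigned message.

    Strict reading (assumption): every line between the BEGIN marker and the
    first empty line must be a "Hash:" header. Anything else in that region
    is not covered by the signature and is reported as untrusted.
    """
    lines = text.splitlines()
    i = lines.index(BEGIN) + 1  # ValueError if the BEGIN marker is absent
    untrusted = []
    while i < len(lines) and lines[i] != "":
        if lines[i] == SIG:
            raise ValueError("no empty separator line before the signature")
        if not HASH_HEADER.match(lines[i]):
            untrusted.append(lines[i])
        i += 1
    end = lines.index(SIG, i + 1)  # ValueError if the signature block is absent
    # Undo dash-escaping ("- " prefix) to recover the text the signer saw.
    signed = [l[2:] if l.startswith("- ") else l for l in lines[i + 1:end]]
    return untrusted, signed


# Constructed samples; the signature block is a placeholder, not real data.
SIG_BLOCK = SIG + "\n\n(constructed placeholder)\n-----END PGP SIGNATURE-----\n"
BODY = "Pay Bob 10 pounds.\n- -- Andy\n"
CLEAN = BEGIN + "\nHash: SHA1\n\n" + BODY + SIG_BLOCK
TAMPERED = BEGIN + "\nHash: SHA1\nThis line was added after signing.\n\n" + BODY + SIG_BLOCK
NO_SEPARATOR = BEGIN + "\nHash: SHA1\nThis text replaced the blank line.\n" + BODY + SIG_BLOCK

if __name__ == "__main__":
    for name in ("CLEAN", "TAMPERED"):
        untrusted, signed = split_clearsigned(globals()[name])
        print(name, "untrusted header lines:", untrusted, "signed text:", signed)
```

Only the second element of the result is text the signature can vouch for; a non-empty first element means the message should be shown with a warning or rejected.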