-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 16.02.15 00:07, Robert J. Hansen wrote: >> A "bad signature" _only shows one thing_: The message was >> modified along the way from the signing process (at the senders >> computer) to the verification process (at your computer). > > It doesn't even show that. > > The modification can be in the signature, not the message -- > meaning it's possible to have an entirely unchanged message, but > still have a bad signature. > > A good signature verifies message integrity. A bad signature does > not confirm tampering: it only states the integrity is not > assured.
You're right. I assumed that modification would be anywhere in message text and signature as a whole, but my wording too tight. Ludwig -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCgAGBQJU4ZGoAAoJEDrb+m0Aoeb+fHAP/RHqt/jo8DTIXvtm+ZaggDGi DRb3KKhnBDhHLsGRSX3xd9om/gmRDLtSSzObp63Gq3LQQg2lfIErfYqsyAChvtzL 0/zjzoRoVBrPjbbiPR5QVX1ge3xWUEeR6X4GLSKtbsPBLizS/bNelYoa4EdfNn3P rY/DXmflm26hZYTGX6GbV321zQtV0MDNop1JFn6jhazwOFNQTssIwVGchKCkwgGz +9aL9coSEFeqnimwS+JURpYZT3nKRa4CmUJOZ0M915DSL3GIBK9qmRoWeEGgvkSr f54r6F2FU/Xqg2eUZI8wXrVE2fk8V38BZSWQfxwtdXzHGLxmD3xgUHjneiJBFU8L d3XrM/iqcQWBFpCwOHizms3QZBHk7RHwcEq3XpOtc9h0hVBp80AdsWGVx2kfG8jD 2e9hyXOxIlDoAM0tdWFa45tTnys/XkGp5HNmkquNdiQtkF7IkNP2Dc85QdAXaPJ9 WLHXfVMlA4AbzZuvhrzfjWaEHDx+6xrq8OiP8xvHQ8AFyMwFmiI8xSxdC5x9hnBa bH8FYVoDVdupTt6n/nm/7pS/Gd6iUy4/2xX8vKuff2kXRS+Duw59jmwqYi72lDwk AA076cJskTXzu0XVG47uc37AnQPv6qB+JwKqmoH0uioft0MKmzPLMAOQmAZultGq txZuf+NZ0KLIRrEf7HAD =+TQu -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users