Thank you very much for valuable reply , I'll check them out. Regards, Vishal Rana
On Sat, 23 Apr 2022, 12:16 am Werner Koch, <w...@gnupg.org> wrote: > On Tue, 19 Apr 2022 15:52, Vishal Rana said: > > > Digital signature verification is failing. Getting "*Bad signature*" > error. > > How to debug this?? > > gpg --debug hashing --verify .. > > Creates files with the actual hashed data - compare them to thoe create > by the signing process. > > > But observation is generated signature,"image.sig" files on both > scenarios > > are different. means hexdump for image.sig in both scenario is different. > > Sure they are. Please read up on digital signature algorithms. See also > this status code we emit: > > *** SIG_ID <radix64_string> <sig_creation_date> <sig-timestamp> > This is emitted only for signatures of class 0 or 1 which have > been verified okay. The string is a signature id and may be used > in applications to detect replay attacks of signed messages. Note > that only DLP algorithms give unique ids - others may yield > duplicated ones when they have been created in the same second. > > Note, that SIG-TIMESTAMP may either be a number of seconds since > Epoch or an ISO 8601 string which can be detected by the presence > of the letter 'T'. > > > Salam-Shalom, > > Werner > > > -- > The pioneers of a warless world are the youth that > refuse military service. - A. Einstein >
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
