I have looked far and wide for the answer to this (docs, comments in source, and the list archives) and so far I cannot find an answer. The question is what kind of digital signature is used to verify the integrity of the databases we download from database.clamav.net.

The source in dsig.c isn't helpful as I am unfamiliar with individual implementations of cryptographic signatures. (No comments stating what the algorithm is.)

I have seen references to the old style .db and .db2, or whatever they were called, being verified against md5 checksums. These are not good because I can modify the md5 sum on the mirror just as easily as modifying the .db/.db2 file itself. I believe this is why "digital signatures" were added to the .cvd files.

Is this digital signature method based on widely available PKI algorithms?


Shawn
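
The reasoning in the post about mirror-hosted md5 sums versus signatures, as an added example that is not part of the original message and not ClamAV code: a checksum fetched from the same mirror as the file is rewritten along with it, while a signature checked against a public key held by the client is not. Textbook RSA over SHA-256 with a constructed demo key is an assumption made so the block runs on the standard library (Python 3.8+); it does not describe what dsig.c implements, and all function names are hypothetical.

```python
import hashlib

# Constructed demo key from two well-known Mersenne primes. Trivially
# factorable, illustration only; a real publisher generates a random key.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held only by the publisher


def digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def publisher_sign(data: bytes) -> int:
    """Publisher side: textbook RSA over SHA-256 (no padding, demo only)."""
    return pow(digest_int(data), D, N)


def check_md5_sidecar(data: bytes, md5_hex: str) -> bool:
    """Client check against a checksum fetched from the same mirror as the file."""
    return hashlib.md5(data).hexdigest() == md5_hex


def check_signature(data: bytes, sig: int, n: int = N, e: int = E) -> bool:
    """Client check using a public key shipped with the client, not the mirror."""
    return pow(sig, e, n) == digest_int(data)


def mirror_tamper(mirror: dict, new_data: bytes) -> dict:
    """Model a modified mirror: it can rewrite every hosted file but has no D."""
    return {**mirror, "db": new_data, "md5": hashlib.md5(new_data).hexdigest()}


def demo() -> dict:
    original = b"constructed signature database v1"
    mirror = {"db": original,
              "md5": hashlib.md5(original).hexdigest(),
              "sig": publisher_sign(original)}
    bad = mirror_tamper(mirror, b"constructed signature database, altered")
    return {
        "clean_md5": check_md5_sidecar(mirror["db"], mirror["md5"]),
        "clean_sig": check_signature(mirror["db"], mirror["sig"]),
        "tampered_md5": check_md5_sidecar(bad["db"], bad["md5"]),  # check is blind
        "tampered_sig": check_signature(bad["db"], bad["sig"]),    # change detected
    }


if __name__ == "__main__":
    print(demo())
```
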


