On May 6, 2010, at 10:43 PM, Hauke Laging wrote: > Hello, > > I have created signatures with different keys for a JPEG file. You can find > both the graphics file and the signatures on this web page: > > http://www.hauke-laging.de/organspende.html > > If I check the signatures, gpg2 2.0.15 (and at least .14, too) returns the > wrong hash (unless I misunderstand something): > > start cmd:> LC_ALL=C gpg --verify --verbose organspende.7f637e7b.1.sig > organspende.jpg > Version: GnuPG v2.0.14 (GNU/Linux) > gpg: armor header: > gpg: Signature made Fri May 7 03:48:42 2010 CEST > gpg: using RSA key 0x7F637E7B > gpg: using PGP trust model > gpg: Good signature from "Hauke Laging (Dieser Schlüssel ist wirklich sicher) > <[email protected]>" > gpg: Signature policy: http://www.hauke-laging.de/openpgp/policy.html > > gpg: binary signature, digest algorithm SHA1 > > It says SHA1 though according to my understanding > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.14 (GNU/Linux) > > iQFMBAABAgA2BQJL43F6LxpodHRwOi8vd3d3LmhhdWtlLWxhZ2luZy5kZS9vcGVu > cGdwL3BvbGljeS5odG1sAAoJEDlYRfZ/Y35735kIAIP2LgRqxhySQ0kaOSnFZfWs > YgvqeYYGHUeLIQzfGCbxD2VE0CzSQPNN3GabpsXF2DQ5xUh25n+9pu34gPAMvD6v > QKM8B31vkSj/KEuCZUXMOBiEDVBQn6ypR9ZmOSo991Lm84fIaOhx8rQ0d1kWxWuH > CRHemF49FSCxF/5CMcx+HMWjN6lKhQFK3z61In23Xjmf+dRFYxbPkInqu4tw6q4b > OODVVsK8FhCWz2aUNBSgWzwhmwwCD1R4/IblMejrStsbT0tFNzVbg3KKIQ7bHUD5 > k++hjk0K332ZXnR4X9jZku7FPpgAtp44/k0Op+yGZqW6RW6zu5s5fFPnkijef6U= > =eaxc > -----END PGP SIGNATURE----- > > is obviously not an SHA1 signature.
I think there is a misunderstanding. This is absolutely a SHA1 signature. Why do you think it isn't? David _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
