On Friday 03 December 2010 17:32:50 Werner Koch wrote:
> On Fri, 3 Dec 2010 13:21, [email protected] said:
> > A first improvement would be to show the hash to be signed. Of course,
> > you
>
> That does not help. Even if you would be able to compare it with the
> hash displayed on the host box, you gain nothing: Any malware which
> foist you a different file for signing won't have a problem to display
> you the same hash value on the host and the pinpad.

Sure, that was clear to me. Let's have a second look at what I wrote:

####################
Of course, you cannot trust the hash calculation on a potentially
compromised PC but this would be a start for further protection (e.g. by
sending the file to someone else and comparing the hashes).
####################

:-)

Hauke
-- 
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814

_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
