On 4/04/2018 10:29 AM, Paul Gilmartin wrote:
So is a signature any more secure than an independently verifiable checksum,
or just more practical?
If you get the checksum via a reliable channel I think it is as secure.
The digital signature allows the checksum to be included with the file,
and verified using pre-arranged public keys. So you only need the public
keys rather than a means to get a verifiable checksum for each package
(really the signature + public keys are the means to verify the checksum).
--
Andrew Rowley
Black Hill Software
+61 413 302 386
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
