I’m using crypto/opengpg to verify a PGP signature but constantly receive: openpgp: invalid signature: hash tag doesn't match.
Sample code is available here: https://play.golang.org/p/NqjiG3n9Xk8 With the same input data from the above and gpg CLI, gpg --verify works correctly and the signature is verified as output below gpg --import signerPubKey gpg --verify validSignature text gpg: Signature made Tue Mar 10 11:55:39 2020 EDT gpg: using RSA key 379CE192D401AB61 gpg: Good signature from "Bintray (by JFrog) <bint...@bintray.com>" [unknown ] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner . Primary key fingerprint: 8756 C4F7 65C9 AC3C B6B8 5D62 379C E192 D401 AB61 My limited knowledge about PGP in general stops me from getting further. Appreciate your inputs on this issue. PS: the data is signed by a third party service so I don't have the access to the private key -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/74742323-c37d-490e-b1eb-083d56cf450c%40googlegroups.com.