i'm reading the gpg readme file, and don't understand something.
i have a gpg passphrase, made a revocation file and stashed it away on a
floppy where nobody will get it.
i can sign a file, generating a ascii signature
$ gpg -sa muttrc
that's great. now i can even verify the signature.
$ gpg --verify muttrc.asc
gpg: Signature made Thu Dec 7 19:40:22 2000 PST using DSA key ID 67EA951D
gpg: Good signature from "Peter Jay Salzman <[EMAIL PROTECTED]>"
now i insert a virus into muttrc that will destroy every computer in the
universe the next time mutt is run.
muttrc.asc still verifies just as well as it did before the virus was
inserted. i'm not understanding the point of the *.asc file. it seems like
you should be verifying the original file, not the *.asci file.
peter
PGP signature
