multiple signers
David Shaw
dshaw at jabberwocky.com
Mon Dec 9 18:05:02 CET 2002
On Sun, Dec 08, 2002 at 02:46:28PM +0100, Timo Schulz wrote:
> $ gpg --verify foo.bar.asc
> gpg: Signature made Son 08 Dez 2002 14:38:42 MEZ using RSA key ID E4CA8F45
> gpg: Good signature from "OpenCDK test key"
> gpg: Signature made Son 08 Dez 2002 14:38:42 MEZ using RSA key ID 333CA589
> gpg: WARNING: signature digest conflict in message
> gpg: BAD signature from "John Q. Smith <john at smith.org>"
>
>
> The warning tells me about the MD5/SHA1 conflict and the result is a bad
> signature. I'm not sure if the signature is really bad, because the digest
> was only computed with SHA1, or if only the wrong digest was set (SHA1
> instead of MD5) during the verify hash operation.
The signature is good.. the verify assumes that all signatures in the
chain have the same hash. :(
I'll fix that.
David
--
David Shaw | dshaw at jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
More information about the Gnupg-devel
mailing list