basic hash signature question
David Shaw
dshaw at jabberwocky.com
Thu Mar 11 23:35:59 CET 2004
On Thu, Mar 11, 2004 at 02:00:38PM -0800, vedaal at hush.com wrote:
> when gnupg is used to sign a file with a signing key,
> two things can be determined from the signature hash:
>
> [1] the file can be verified as 'unchanged' from the time of the signing
>
> [2] the file can be authenticated as being signed by the person in possession
> of the signing key
>
>
> basic question ;-) :
>
> if someone doesn't have the signer's public key,
> is it still possible to verify the integrity of the signed file,
> even though one cannot verify the authenticity
No.
David
More information about the Gnupg-users
mailing list