Can I see the checksum when I sign/verify a file?
David Shaw
dshaw at jabberwocky.com
Thu May 4 17:10:43 CEST 2006
On Thu, May 04, 2006 at 10:42:27AM -0400, feitao wrote:
> Hi,
>
> I wonder if I can actually see the sha1/md5 checksum when I sign/verify a
> file. That is, when
> gpg -s -e somefile
> gpg -d somefile.gpg
> is there an option to print out the checksum when signing/verifying the
> file? (not --print-mds to calculate it again)
There isn't. Note that the hash that is used when making a signature
is not the same one that you'd get when using something like
--print-md anyway. There are timestamps, subpackets, etc, in the hash
used in the signature. --print-md is a raw hash of just the file.
> And how can I choose the hash method (sha1 or md5) when signing?
--personal-digest-prefs takes a list of hash algorithms. It will pick
the first one that is usable for your signature type.
Don't use md5.
David
More information about the Gnupg-users
mailing list