pull down to refresh
deleted by author
reply
deleted by author
reply
reply
did you use a new key to sign that?
No, I just used
gpg --clearsign
. I just hoped it would pick the right key haha.Due to the markdown formatting, it might get tricky, but you should be able to use go to #437477/edit to see the raw formatting.
edit: Oh no, it picked a wrong GPG secret key 🙈
Will post new message with my ekzyis@ekzyis.com GPG key
reply
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
I, @ek, author of The Curious Case of Digital Signatures, a post that received 20k+ sats on SN, the first of his nym, hereby vouch for the GPG skills of @Natalia, the first of her nym (on SN at least), a stacker with multiple good posts on SN (see profile), one even in the all-time top posts (at the time of writing this).
May the force of verifying digital signatures be with her forever.
-----BEGIN PGP SIGNATURE-----
iQJGBAEBCAAwFiEER3BdefVXE2Q1VvSZ7Ow39o+3M5gFAmXaJRUSHGVrenlpc0Bl
a3p5aXMuY29tAAoJEOzsN/aPtzOYGB8QAL2x1Cnrv4K9U/FcbmbFt/2XNEHNGcus
PYgMI7JFmUlGQlMkVetQhtPyeaWsbwdAN3yzljTpNEA6nTykkfsY+V6QrJD59J62
Lg1c5ENr7kkjE5dZLPGzsHpzi5KA6nUUjWKhBLOQavnPkSeo28zy4wa9kRYvmm21
qNCA81Eo5CZKR4T9JMJU6ShvGgZRC+UnfSJXIoYVwnvqQ8DJ/8OIxuEk/vd6cQYw
rgLEiVCWwccE0zdJSzgktHPFxoB84ZG4q5gJXeD81l/BwGMyY3N9j9dOjhDtmzEy
HjUO6P+ltktzRYNUzanzXKEZAGbugcbO+Nv3DrCzBcNp360hmeHR5WXHyo9W6knW
uOp6qyeUoHzEDPTvIaZfJCopZ0kWl3w3RK19R172EEuG/V51TZ4GIzGG6QDNGQM5
SMbZGEIdobdcAY8zk1I8eC2uUrYOORuXFWZANQrU+rS9+BwstbFRDBcX9v7bFp+Y
Gf2xzTpPjj2KIWi3hXDhZ/9VfseIWxNBu/hir4c38GUDzHDmSIVKtTBu4+OGDmYw
J/okXZPF1qz6tHy47vPmHdHcGo7fhENL8iFvW0x7m3b3Ce8m2NviE4YPl8DC1igw
5aJrsFk3F2e81j8b8SaDGYeSwjuMXNryNccrJfITih0sZMXokIzAVr1LfCaRfgLp
BcYN2WurK4qy
=8itW
-----END PGP SIGNATURE-----
reply
reply
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
I still don't get the part when you need to do the checksum or not? 👀
No worries! This means I didn't explain well enough (among other things) 👀
You need to do the checksum stuff when the name of the signature file without .asc at the end is not the same as the software you downloaded.
Examples:
- Electrum: Signature is named
electrum-4.5.3.dmg.asc
and software is namedelectrum-4.5.3.dmg
. This means the software was signed. - Sparrow: Signature is named
sparrow-1.8.2-manifest.txt.asc
and software is namedSparrow-1.8.2-x86_64.dmg
. This means that the software was not signed butSparrow-1.8.2-manifest.txt
.
So it depends on what was signed. You can sign anything. Like I just signed this message. Try to verify the signature :)
-----BEGIN PGP SIGNATURE-----
iQJGBAEBCAAwFiEER3BdefVXE2Q1VvSZ7Ow39o+3M5gFAmXaJGUSHGVrenlpc0Bl
a3p5aXMuY29tAAoJEOzsN/aPtzOYTCIP/1pMj/AJGDa3BKXDbB7Uc5lZ5agsPlTw
0p+eP9zIFUdcFNNTF5UZRi/QJn2deD/9fkSG/cBcTE0wH7cK0HRNl+fQ3balNOta
ublTjOnbEEp+2LcAoxfbjvvywjxW9QL7N9JLJ5yOfrLUpWS0w8OM6u5Z+gPBsYGG
NaJyigh7cSAx/uAgNMFKA+aidGaqG+oBGtK2xxqdj2T0kukydc2l2sl40/sotRB/
Q+4xmOrg0o+dXXAiorlgFaX8o+bPKk1O4bnDFClQW+m3/PajWEJaOGS50KD2kbmi
GweFZSooAgkzH4t5WRoTLtzdAqu5oM5idRkklNCJaXSpCYLFrgp6mTLiIOwqG6fd
JOSIZQv4h12G210fhNu3k0xr9Y4fXrYM5bH+uH3JUeUATXMIZbx4mN5iIlMLA68r
r+9yT43UgHcUFqRxg8SxCPY0CcIAm+djdfvcv3eY1I8HsxEaL/84gS+WqgPmvTZ3
LmX8Tq4lsl7lVy46efaFxP2yXU4hCriWlfuIf/7/ddgiwdKxiFHBzHzbuWcGdq9Z
x2hbFAIMj3850IpkTPLlfYypFmvniLqEEWK38Lb3518m/+Bv40gJFwAimPXgZUK6
6TJqKEchtk71J8KabB2bLCHae0AVj1mOFx3z890pU5gmoQXDEhWZ6gz8wVTzN5zY
PVfJJYgeWN/s
=oo4+
-----END PGP SIGNATURE-----
reply
deleted by author
reply
But how can I verify that you verified 👀
Maybe I just need to trust you :)
reply
updated 👀 this is so much fun!
reply
this is so much fun!
Oh yeah? Then verify this haha:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 verified, signed from the
Now I also understand why GPG replaces "-" with "- ". Seems like it wants to prevent confusion with its own markers like
-----BEGIN PGP SIGNATURE-----
Interesting 👀
YesYou just summarized my post with a few words haha