reply on: The Curious Case of Digital Signatures \ stacker news ~crypto

pull down to refresh

0 sats \ 14 replies \ @ek OP 24 Feb \ parent \ on: The Curious Case of Digital Signatures crypto

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

I still don't get the part when you need to do the checksum or not? 👀

No worries! This means I didn't explain well enough (among other things) 👀

You need to do the checksum stuff when the name of the signature file without .asc at the end is not the same as the software you downloaded.

Examples:

Electrum: Signature is named electrum-4.5.3.dmg.asc and software is named electrum-4.5.3.dmg. This means the software was signed.
Sparrow: Signature is named sparrow-1.8.2-manifest.txt.asc and software is named Sparrow-1.8.2-x86_64.dmg. This means that the software was not signed but Sparrow-1.8.2-manifest.txt.

So it depends on what was signed. You can sign anything. Like I just signed this message. Try to verify the signature :)

-----BEGIN PGP SIGNATURE-----

iQJGBAEBCAAwFiEER3BdefVXE2Q1VvSZ7Ow39o+3M5gFAmXaJGUSHGVrenlpc0Bl a3p5aXMuY29tAAoJEOzsN/aPtzOYTCIP/1pMj/AJGDa3BKXDbB7Uc5lZ5agsPlTw 0p+eP9zIFUdcFNNTF5UZRi/QJn2deD/9fkSG/cBcTE0wH7cK0HRNl+fQ3balNOta ublTjOnbEEp+2LcAoxfbjvvywjxW9QL7N9JLJ5yOfrLUpWS0w8OM6u5Z+gPBsYGG NaJyigh7cSAx/uAgNMFKA+aidGaqG+oBGtK2xxqdj2T0kukydc2l2sl40/sotRB/ Q+4xmOrg0o+dXXAiorlgFaX8o+bPKk1O4bnDFClQW+m3/PajWEJaOGS50KD2kbmi GweFZSooAgkzH4t5WRoTLtzdAqu5oM5idRkklNCJaXSpCYLFrgp6mTLiIOwqG6fd JOSIZQv4h12G210fhNu3k0xr9Y4fXrYM5bH+uH3JUeUATXMIZbx4mN5iIlMLA68r r+9yT43UgHcUFqRxg8SxCPY0CcIAm+djdfvcv3eY1I8HsxEaL/84gS+WqgPmvTZ3 LmX8Tq4lsl7lVy46efaFxP2yXU4hCriWlfuIf/7/ddgiwdKxiFHBzHzbuWcGdq9Z x2hbFAIMj3850IpkTPLlfYypFmvniLqEEWK38Lb3518m/+Bv40gJFwAimPXgZUK6 6TJqKEchtk71J8KabB2bLCHae0AVj1mOFx3z890pU5gmoQXDEhWZ6gz8wVTzN5zY PVfJJYgeWN/s =oo4+ -----END PGP SIGNATURE-----

473 sats \ 13 replies \ @Natalia 24 Feb

deleted by author

0 sats \ 12 replies \ @ek OP 24 Feb

But how can I verify that you verified 👀

Maybe I just need to trust you :)

473 sats \ 11 replies \ @Natalia 24 Feb freebie

updated 👀 this is so much fun!

0 sats \ 10 replies \ @ek OP 24 Feb freebie

this is so much fun!

Oh yeah? Then verify this haha:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

verified, signed from the

Now I also understand why GPG replaces "-" with "- ". Seems like it wants to prevent confusion with its own markers like

-----BEGIN PGP SIGNATURE-----

Interesting 👀