pull down to refresh

0 sats \ 14 replies \ @ek OP 24 Feb 2024 \ parent \ on: The Curious Case of Digital Signatures crypto
used wrong GPG secret key above, lol
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
I still don't get the part when you need to do the checksum or not? 👀
No worries! This means I didn't explain well enough (among other things) 👀
You need to do the checksum stuff when the name of the signature file without .asc at the end is not the same as the software you downloaded.
Examples:
  1. Electrum: Signature is named electrum-4.5.3.dmg.asc and software is named electrum-4.5.3.dmg. This means the software was signed.
  2. Sparrow: Signature is named sparrow-1.8.2-manifest.txt.asc and software is named Sparrow-1.8.2-x86_64.dmg. This means that the software was not signed but Sparrow-1.8.2-manifest.txt.
So it depends on what was signed. You can sign anything. Like I just signed this message. Try to verify the signature :)
-----BEGIN PGP SIGNATURE-----
iQJGBAEBCAAwFiEER3BdefVXE2Q1VvSZ7Ow39o+3M5gFAmXaJGUSHGVrenlpc0Bl a3p5aXMuY29tAAoJEOzsN/aPtzOYTCIP/1pMj/AJGDa3BKXDbB7Uc5lZ5agsPlTw 0p+eP9zIFUdcFNNTF5UZRi/QJn2deD/9fkSG/cBcTE0wH7cK0HRNl+fQ3balNOta ublTjOnbEEp+2LcAoxfbjvvywjxW9QL7N9JLJ5yOfrLUpWS0w8OM6u5Z+gPBsYGG NaJyigh7cSAx/uAgNMFKA+aidGaqG+oBGtK2xxqdj2T0kukydc2l2sl40/sotRB/ Q+4xmOrg0o+dXXAiorlgFaX8o+bPKk1O4bnDFClQW+m3/PajWEJaOGS50KD2kbmi GweFZSooAgkzH4t5WRoTLtzdAqu5oM5idRkklNCJaXSpCYLFrgp6mTLiIOwqG6fd JOSIZQv4h12G210fhNu3k0xr9Y4fXrYM5bH+uH3JUeUATXMIZbx4mN5iIlMLA68r r+9yT43UgHcUFqRxg8SxCPY0CcIAm+djdfvcv3eY1I8HsxEaL/84gS+WqgPmvTZ3 LmX8Tq4lsl7lVy46efaFxP2yXU4hCriWlfuIf/7/ddgiwdKxiFHBzHzbuWcGdq9Z x2hbFAIMj3850IpkTPLlfYypFmvniLqEEWK38Lb3518m/+Bv40gJFwAimPXgZUK6 6TJqKEchtk71J8KabB2bLCHae0AVj1mOFx3z890pU5gmoQXDEhWZ6gz8wVTzN5zY PVfJJYgeWN/s =oo4+ -----END PGP SIGNATURE-----
write
preview
473 sats \ 13 replies \ @Natalia 24 Feb 2024
deleted by author
reply
0 sats \ 12 replies \ @ek OP 24 Feb 2024
But how can I verify that you verified 👀
Maybe I just need to trust you :)
reply
473 sats \ 11 replies \ @Natalia 24 Feb 2024 freebie
updated 👀 this is so much fun!
reply
0 sats \ 10 replies \ @ek OP 24 Feb 2024 freebie
this is so much fun!
Oh yeah? Then verify this haha:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

verified, signed from the @ek who taught me about PGP. 😎
- -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEA0IF2zsVA57DXnY67ygEF1PLI20FAmXaJqQACgkQ7ygEF1PL
I23F3g/9HGklWN5LvyiF+dtyFtWoSfRJQKVVlTgoF3IAq3CDP8/a7YTF3FhtF8LS
7hH0lDS6nZ1URRGbxckoMeDIdXySkXDWYz+mXzrCpFmMiu73cgdvU1g/XHuCeG9b
ugG1mK4VN7HlnzakDc9XBpsaB3dMc2LiFoI/jGqIkdASo5rxccQ1k946weTTUUWq
Ygkf0lsRhz0l1bbRVc3eoMp5az0kxKMDY2readQz5gr9UkRmiPc5IQZTlELcQhxK
+HiuJ/DhyvFnA0++YIOrgR91SuK/VYgBZUMeySqaddz1K4RH+QvlweWXg4Scqapn
6BtRQPuO81s7juIZt/XjibQD/bsV0r5iOlb10C1BWRT9Btbe3X4s6nm9AaNmUaPL
YyoU78+BnQlWUck2I2+djktU6wbod7fCiOCyrrA5vE6UPB/ONLprou7lOXWLsobO
lqjaEzIZF5vqBxrpUuoJzHNsMOQ1Ane0oV4s8lXH7q2Zqkl99vfnnCd4/pQqZO72
8ZNtIrs/QAUpLjtyH7lY9fND6QXl97NEMVmhhM5Iz/mLSvYPo/PbLCaBJwZV+ky3
5rIXleM4KqvD/IgsrZNRwe9UMM7tBWylw/QERgW0vwVZvUMUApL5+oaYPSNwGpzl
S0XG+eX6lK4HSifEpxLHlLPbSNCtU9srnz6rK2giKYQvD6JBc5c=
=IQfZ
- -----END PGP SIGNATURE-----

gpg: Signature made Sat 24 Feb 2024 06:25:56 PM CET
gpg:                using RSA key 034205DB3B15039EC35E763AEF28041753CB236D
gpg: Good signature from "Natalia <Natalia@geoarbitrage.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 0342 05DB 3B15 039E C35E  763A EF28 0417 53CB 236D

-----BEGIN PGP SIGNATURE-----

iQJGBAEBCAAwFiEER3BdefVXE2Q1VvSZ7Ow39o+3M5gFAmXaKHASHGVrenlpc0Bl
a3p5aXMuY29tAAoJEOzsN/aPtzOYw9AQAJJOUccgJGAAyGtWNrH188nh+9JyDF4X
0ltbOxGSi7uX/4IFHc64Ja4vdN6h/Lfi/2mx/GgMSMm9JFVbmOB8wRaY5uJyMBcd
NzmJ4rSOLshUhWep6tZDMY+uIQ1k0dcYRD/Ka02GZLyaT65r2mcLj247jYlgcQwc
8KSemqsMr24n97jnb4BHTCtD1VhWe9bICeFhjH6utM9i5bGb2ZcSnrr675DaK5Vm
NTM7AXhmAUm7lpy4/pLz5aN8ZMz5KeRGbwAXuV7vKN89xxC6FBQ9kzjZPgF2rczI
6pobV3htgP9Cw6eaGp7UuSkJWaGkbvawNpAg7WeBjL/SROOTPUDCQaDYICXWbayL
P5XBWuJFBG+HFl+KfA3501+0LMywS6Eijkfr4k4fWLg3C8vXRxQlCkCA/tRtC1kc
sJWq63ZQ5kpin0qp5suHfHWzV986ylRt/2Lbu1BjHZ0aEJDmJty8pr5Sl1h4TNjg
ac8g5siibrzqFWLY9P3r60Fp1+ImcW6JEjOeZ+qrTnEhDqAPBA9AaY7WHl8iXuMJ
EcgOX5UEyP+c2WLqb9qNOubSirdsvpIgJ/awU2A7S2CejOqOVoWIjo1ukfFpuch0
1zC6LTXC2vi+1eJWsFMI8O/0zAFWt8dLk+qyZIL9F3/WEt/P+gVUzGlU/Z0fwNwv
emZ9Knb6c9g9
=41ds
-----END PGP SIGNATURE-----
Now I also understand why GPG replaces "-" with "- ". Seems like it wants to prevent confusion with its own markers like
-----BEGIN PGP SIGNATURE-----
Interesting 👀