[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Gnu-arch-users] Re: (fairly minor) SECURITY ISSUE

From: Samuel Tardieu
Subject: [Gnu-arch-users] Re: (fairly minor) SECURITY ISSUE
Date: Thu, 22 Jan 2004 19:55:34 +0100
User-agent: T-gnus/6.16.2 (based on Gnus v5.10.2) (revision 02) SEMI/1.14.5 (Awara-Onsen) FLIM/1.14.5 (Demachiyanagi) APEL/10.6 Emacs/21.3 (i386--freebsd) MULE/5.0 (SAKAKI)

>>>>> "Rob" == Rob Kaper <address@hidden> writes:

> GPG clearly labels what part of a file is signed. If you fetch the
> md5sum summary from outside the boundaries GPG gives you, GPG can't
> help you.


"gpg" (alone) will take the standard input, check the signature, and
output the signed part on the standard output. Using this output to
get the checksums from seems to be the most correct solution.

If you do not wish to check signatures, you can use "cat" instead (or
do not use the .check file at all). If you wish to use X.509, use a
similar command with "openssl". As mentionned in this list already, it
will also demangle content that would have been encoded by GnuPG.

Samuel Tardieu -- address@hidden --

reply via email to

[Prev in Thread] Current Thread [Next in Thread]