Article delegate-en/2541 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A2540@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: What's the .sign file for?
10 Feb 2004 14:18:49 GMT Steffen Kaiser <p44eqbdyi-mnvdjl634rfr.ml@ml.delegate.org>


On Tue, 10 Feb 2004, Yutaka Sato wrote:

> On 02/09/04(22:51) you Steffen Kaiser <p44eqbdyi-mnvdjl634rfr.ml@ml.delegate.org>
>  |what's the delegate**.tar.sign file for? It is not recognized by the gpg
>  |--verify *.sign, for instance.
>
> It is a string representing "delegateX.Y.Z.tar MD5(delegateX.Y.Z.tar)"
> signed with my RSA private-key.  You can get the verified plain text
> using DeleGate (in which my public-key is embedded, after DeleGate/8.9.0)
> like this:
>
>   % delegated -Fverify delegate8.9.1.tar.sign
>   delegate8.9.1.tar 913a71c69558ecdfaa587f142f191cda

Hmm, OK. It's not in the docs -- at least I didn't found it.
I had expected a PGP signature, as it is wide spread and does not have the
hen-and-egg problem (you need a compiled & running delegate before you can
verify its correctness -- the same applies to gpg by itself, but most
systems come with a trustworthy gpg pre-compiled).

Thanks,

-- 

Steffen Kaiser

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V