On 10.09.2009 03:51, William A. Rowe, Jr. wrote: > William A. Rowe, Jr. wrote: >> Rainer Jung wrote: >>> Signing good, hash files are in a format at least my md5sum and sha1sum >>> do not understand how to check. >> >> Can anyone point out what I'm doing wrong with 'gpg --print-md md5'? Am I >> missing some magic flag, or is the idea of using gpg to create hashes simply >> broken? > > FYI; > > $ gpg --version > gpg (GnuPG) 1.4.9 > > ... in case that is significant.
It seems there's no fix for this. gpg and md5sum/sha1sum are not compatible in their format (though obviously they produce the same checksum). Some people seem to indicate, that the implementation of pgp is safer, on the other hand md5sum etc. have a builtin check option (-c), so you can run them directly against the checksum file to compares the checksum in the checksum file with a freshly computed checksum of the base file. This seems handy to me. It looks like gpg is not able to do that, i.e. you have to compare the sums by staring at them. Of course with gpg you can check using the signature file. Regards, Rainer
