Thanks Werner!
I tried with -v --debug hashing and the content for hashing was not
printed, is there another flag I need to use?
For reference, this was a good sig:
gpg: reading options from '[cmdline]'
gpg: reading options from '/Users/<redacted>/.gnupg/common.conf'
gpg: enabled debug flags: hashing
gpg: enabled compatibility flags:
gpg: using subkey B67EB1E57374A315 instead of primary key 6E628CC4145FD2ED
gpg: writing to 'data.txt.asc'
gpg: RSA/SHA256 signature from: "B67EB1E57374A315 <redacted>"
gpg: secmem usage: 1344/32768 bytes in 2 blocks
signature was
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEG34w4o9D0vlGnPYqtn6x5XN0oxUFAml6SJwACgkQtn6x5XN0
oxXMrgf9HQbhUZZUp+pPHSpT5Rw3GvnJLH5Sq5KUtmEYs0PArjwNN86OeHN+EENd
f5F2PXHCTtNgY4OKibm5iJWO1qsCVKJeg/nhdqdx6xLuskAzBi5ogKJOfORSYKpY
vLvRWbK55ag4iZqxeLJHrt6Chu9qsdlPyWMptzSQGlX2+9fVybmghdthFiUUOoBk
FZDXuH1s30pUha7h4mNAn52A3P8pIpqX4f46vRTCYqjTtRuc1bXotQFvcmv8WmP+
URcluMyQc4G5eSBGAeTODtgOBTLntvWMbFxLopO9o7HSIiKUNqgJxl6ZtUzbUxQu
hziwl6C2gT+1/OUn16hz1m8cIEkAJA==
=m0Gd
-----END PGP SIGNATURE-----
verification was
gpg: reading options from '[cmdline]'
gpg: reading options from '/Users/<redacted>/.gnupg/common.conf'
gpg: enabled debug flags: hashing
gpg: enabled compatibility flags:
gpg: Signature made Wed Jan 28 11:34:20 2026 CST
gpg: using RSA key 1B7E30E28F43D2F9469CF62AB67EB1E57374A315
gpg: using subkey B67EB1E57374A315 instead of primary key 6E628CC4145FD2ED
gpg: using pgp trust model
gpg: Good signature from "<redacted>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 1510 C864 04E2 F6EC A028 71DB 6E62 8CC4 145F D2ED
Subkey fingerprint: 1B7E 30E2 8F43 D2F9 469C F62A B67E B1E5 7374 A315
gpg: binary signature, digest algorithm SHA256, key algorithm rsa2048
gpg: secmem usage: 0/32768 bytes in 0 blocks
result: succeeded
--- John
On Wed, Jan 28, 2026 at 7:19 AM Werner Koch <[email protected]> wrote:
>
> Hi!
>
> On Tue, 27 Jan 2026 15:33, John Soo said:
>
> > Running the following script will often issue a bad signature after
> > only a few rounds:
>
> You may run into problems when mixing stdout and stderr (&>FILE). Also
> please do not use --debug-level guto or any other of those debug
> levels; they are too noisy or don't print what you want.
>
> Always use -v or --verbose and then selected debug flags. In your case
> I would suggest
>
> --debug hashing
>
> which writes files with what was actually hashed for signature creation
> and verification. Compare them.
>
>
>
> Shalom-Salam,
>
> Werner
>
>
> --
> The pioneers of a warless world are the youth that
> refuse military service. - A. Einstein
_______________________________________________
Gnupg-users mailing list
[email protected]
https://lists.gnupg.org/mailman/listinfo/gnupg-users
