Nick Wilson <[EMAIL PROTECTED]> [08 Jan 2002 21:35 +0100]:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > [body of message here]
> >
> > [sig here]
> >
> > It's supposed to just be signed. Is there a need for that top bit?

The "digital signature" is, I believe, a SHA1 hash of the message content, encrypted using your private key. The hash is a checksum; the -----BEGIN PGP SIGNED MESSAGE----- is important to recompute the checksum for verification.

That's my recollection of PGP/GPG... I'm likely wrong in detail.

-- 
http://www.epic.org - Electronic Privacy Information Center
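What the "top bit" gives a verifier, as an added example that is not part of the original thread: a Python parser for the cleartext signature framing (per RFC 4880) that uses the header to find where the signed text starts, reads the hash name from `Hash:`, and rebuilds the canonical text. The function names and the sample message are constructed for illustration; the digest shown covers the text only, whereas a real OpenPGP verifier also hashes fields from the signature packet before checking it against the public key.

```python
import hashlib

BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"

def parse_clearsigned(message):
    """Return (hash_names, canonical_text_bytes, signature_armor)."""
    lines = message.splitlines()
    i = lines.index(BEGIN_MSG) + 1           # ValueError if the header is absent
    hashes = []
    while i < len(lines) and lines[i].strip():   # armor headers end at the blank line
        key, _, value = lines[i].partition(":")
        if key.strip() != "Hash":
            raise ValueError("unexpected armor header: " + lines[i])
        hashes += [h.strip().upper() for h in value.split(",") if h.strip()]
        i += 1
    i += 1                                    # the blank separator is not signed
    sig_start = lines.index(BEGIN_SIG, i)     # ValueError if there is no signature
    sig_end = lines.index(END_SIG, sig_start)
    body = []
    for line in lines[i:sig_start]:
        if line.startswith("- "):             # undo dash-escaping
            line = line[2:]
        body.append(line.rstrip(" \t"))       # trailing whitespace is never signed
    # Canonical form: CRLF between lines, no line ending after the last one.
    canonical = "\r\n".join(body).encode("utf-8")
    armor = "\n".join(lines[sig_start:sig_end + 1])
    return hashes or ["MD5"], canonical, armor   # no Hash header means MD5

def text_digest(message):
    """Digest of the canonical text using the first algorithm the header names."""
    hashes, canonical, _ = parse_clearsigned(message)
    return hashlib.new(hashes[0].lower(), canonical).hexdigest()

# Constructed sample: mail text around the signed region, placeholder signature.
SAMPLE = "\n".join([
    "Text outside the signed region", BEGIN_MSG, "Hash: SHA1", "",
    "Hello list,   ", "- -- ", "Nick",
    BEGIN_SIG, "", "[constructed placeholder, not a real signature]", END_SIG,
    "List footer appended by the mail server",
])

if __name__ == "__main__":
    names, text, _ = parse_clearsigned(SAMPLE)
    print(names, text, text_digest(SAMPLE))
```

Text before the header and after the signature block (such as a list footer) never enters the digest, and neither does trailing whitespace that a mail relay may add or strip.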