strokeprone Posted June 29, 2016 Share Posted June 29, 2016 Hi, maybe this is a dumb question, but here goes. How does including a signed .asc file in the 7zip archive verify the integrity of the whole archive? I mean, couldn't a bad guy just copy the .asc file into a new archive? Link to comment Share on other sites More sharing options...
zador.blood.stained Posted June 29, 2016 Share Posted June 29, 2016 How does including a signed .asc file in the 7zip archive verify the integrity of the whole archive? I mean, couldn't a bad guy just copy the .asc file into a new archive? .asc file is a digital signature for .raw image (maybe you confused it with a public key), it is generated for each file individually after building, and it can be used to verify both file integrity and origin. You may want to read something like this and this to understand it better. 1 Link to comment Share on other sites More sharing options...
strokeprone Posted June 29, 2016 Author Share Posted June 29, 2016 (edited) I see, the .asc file is a "detached signature" and the name of the signed file is derived from the name of the signature file. So, it was indeed a dumb question, I just needed to read the gpg man page. Well, I learned something today -- sorry to have wasted your time in the process. Strokeprone. Edited June 29, 2016 by wildcat_paris no dumb question here when you learn and share 1 Link to comment Share on other sites More sharing options...
Recommended Posts