search

Blockstream / green_qt

Blockstream Green App
GNU General Public License v3.0
218 stars 34 forks source link

SHA512 --> SHA256 #101

Open keith-gardner opened 11 months ago

keith-gardner commented 11 months ago

Description

For 1.2.9

$ shasum -a 256 BlockstreamGreen_MacOS_x86_64.zip 1b8589bc997016087ba27ef28f2026626834c91af525ca88bd3841bafcbe4c06 BlockstreamGreen_MacOS_x86_64.zip

Matches SHA256SUMS.asc

$ shasum -a 512 BlockstreamGreen_MacOS_x86_64.zip 4b211ed4a65b9eb276391ed464f83b07041bae1ce94b9bb5dc534ed824541ce89ae57c745f2b386f3520eda1341a7d6cb427c256604ca14a08c24660f1c34831 BlockstreamGreen_MacOS_x86_64.zip

Does not match

Version

1.2.9

Steps to reproduce

Just run shasum -a 512 vs 256.

What do change?

The SHA256SUMS.asc should say SHA256, not SHA512.

atcz commented 2 days ago

The SHA512 refers to the PGP signed message, not the contents of the message. You should be verifying the PGP message, and using the verified output to compare the SHA256. The verified output only contains the 4 lines with the hashes and filenames.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512