Closed netmackan closed 5 years ago
For the record, not including the SPC_SP_OPUS_INFO structure has no impact on the validation of the SHA-512 signatures (tested on Windows 10). But for some obscure reason the <<<Obsolete>>>
string in SpcLink
derails the validation of the SHA-512 signatures only.
I've just figured out why the SHA-512 signatures are invalid with the <<<Obsolete>>>
string, more details in #66.
Way to reproduce:
Note that redoing the same steps but with SHA-256 or SHA-384 the signature is accepted. Edit: Initially I thought the issue was missing program name and/or URL but it later turned out to not be the only issue.