File Signature Verifier improvements
File Signature Verifier
- Fixed a bug where files between 10 and 20 megabytes weren't being read properly (also in Hash & Validate)
- Added clipboard paste support for keys and signatures
- Added support for direct verification links
- Small usability fixes
Direct verification links
Similar to Hash & Validate's direct validation links File Signature Verifier can now create direct URLs for verifying files using a given signature.To use this feature simply load a signature and click on the green link icon that appears next to the signature data.
By default the direct links will also try to fetch the public key corresponding to the signature from the default key server (pgp.mit.edu)
This behavior can be disabled by unchecking the checkbox on the dialog that pops up with the link.
Details on the verification URL format
Header, footer, optional fields, line-breaks and spaces are stripped from the ASCII armored signature. The resulting string is URL-encoded and appended to the URL as an anchor parameter named "s" (Using the anchor ensures that signatures are not leaked towards the server)So for example:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABCAAGBQJUPvAmAAoJEEFvBhBj/uZZNF4H/2bK126yRoWHIBAcaoA4sSc+
Q7dLJvuBmMVWAOCpLtIeQFt1di7HZ0snuzXYgMSYm1if0K3kd3mMNB3Bu3nAex3j
PYAmZARbeTpbf0jQ37ouNrZFn1vJT2KRw23gl25oLjN2W8XappucAIAhvllJCUT8
8MTam7dr4hlie2JdDTiG2atU3Az0sAN13KUNL8/LddxUr33LaZYMkCSqkhzH4NzT
mnrK/5bQa5EmJfqee/qpexHE73cY0DAT+OjpvSgRT5XSWvuzGLIfTpSFzSyApRmD
Bw+knHJ4ju+DHqXwl98O6Cn694oIUgKi6IxDvfE7E22JfG8cvQU1DyWsLj5c4QQ=
=OykB
-----END PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABCAAGBQJUPvAmAAoJEEFvBhBj/uZZNF4H/2bK126yRoWHIBAcaoA4sSc+
Q7dLJvuBmMVWAOCpLtIeQFt1di7HZ0snuzXYgMSYm1if0K3kd3mMNB3Bu3nAex3j
PYAmZARbeTpbf0jQ37ouNrZFn1vJT2KRw23gl25oLjN2W8XappucAIAhvllJCUT8
8MTam7dr4hlie2JdDTiG2atU3Az0sAN13KUNL8/LddxUr33LaZYMkCSqkhzH4NzT
mnrK/5bQa5EmJfqee/qpexHE73cY0DAT+OjpvSgRT5XSWvuzGLIfTpSFzSyApRmD
Bw+knHJ4ju+DHqXwl98O6Cn694oIUgKi6IxDvfE7E22JfG8cvQU1DyWsLj5c4QQ=
=OykB
-----END PGP SIGNATURE-----
becomes:
When opened the tool will populate the signature and immediately attempt to fetch the corresponding key from the default key server unless the "fetch" parameter is set to "no".
As always feel free to send your suggestions, bug-reports or comments to toolsmith@toolsley.com