Nostr Web Client

I see devs sign their apps in 2 way:

- they sign a hash of the apk, zip etc

- or thr sign directly de apk, zip etc

What is the difference? Why choosing doing an extra step and hashing it first?

By signing the hash it's obvious they and only they acknowledge the .apk, .zip? Am I stupid?

Please Login to reply.

If I could rephrase my Q would be:

- if its good enough to sign the apk/zip, why signing a hash? Isnt it an extra step?

nostr:npub1f3fvhppwgh00u2r0kq320avr984wf6wrupm6f98m4nyqfk0s28dqq03ny6 puso la respuesta correcta AFAIK. Stupid I am.

Esta resouesta de Santochi en X me parece interesante