detached signatures
Juergen A. Erhard
jae at ilk.de
Tue Jan 5 17:13:08 CET 1999
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
When verifying a detached signature, it seems gpg absolutely requires
the detached sig to end in either `.sig' or `.asc'.
Now this might be intentional... but I plan to sign tarballs of my
projects with gpg and pgp, and I'd like to have these on the net as
someproject.tar.gz.gpg
someproject.tar.gz.pgp2
someproject.tar.gz.pgp5
(and, of course, one someproject.tar.gz ;-)
Well, I looked at the code some, but didn't find[1] where gpg goes
From detached signature filename to `signed stuff' filename.
Wouldn't it be better to do some heuristic check here, like
If it does end in .sig, or .asc, try removing these.
If not, or no file has been found, try removing the
extension... until either nothing is left or some file is found.
I think pgp 5.0 does it the correct way... but that dummy doesn't
allow for
gpg --verify signature signed-stuff
(Here pgp 2.6 is better... it doesn't even need --verify).
Anyway,
Bye, J
[1] This code is really not easy to read... and though I'm in favor of
*more* comments, I don't think it would help *that* much.
- --
Jürgen A. Erhard eMail: jae at ilk.de phone: (GERMANY) 0721 27326
MARS: http://members.tripod.com/~Juergen_Erhard/mars_index.html
George Herrimann's Krazy Kat (http://www.krazy.com)
"No matter how cynical I get, I can't keep up." -- Bruce Schneier
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v0.9.0 (GNU/Linux)
Comment: For info see www.gnupg.org
iEYEARECAAYFAjaSOhQACgkQ+EdE6uFQHp/HmgCgsi/q5YwBM9Ia3+2JH98HtPkW
3zIAoKejMUh5IxE8S3ikfkGHNfl74z5Q
=aq3o
-----END PGP SIGNATURE-----
More information about the Gnupg-devel
mailing list