detached signatures

Werner Koch wk at
Thu Jan 7 10:19:02 CET 1999

"Juergen A. Erhard" <jae at> writes:

> When verifying a detached signature, it seems gpg absolutely requires
> the detached sig to end in either `.sig' or `.asc'.


> Wouldn't it be better to do some heuristic check here, like

No. This is not a good idea.

>   gpg --verify signature signed-stuff


   gpg --verify detached_signature files_which_are_signed

Only if you leave out files_which_are_signed, gnupg tries to figure
out the corret name by removing ".asc"/".sig".

The --verify is not needed but than gpg will output the message, which
is something you might not want to do - ah right there will be no
output for detached sigs but --verify allows you to specify the the
data which is signed and note that you are able to ollect more than
one file in a signature.

> [1] This code is really not easy to read... and though I'm in favor of
> *more* comments, I don't think it would help *that* much. 

I should write the HACKING file but I don't have tome no - The code is
easy to understand if you have figured out for what these filters are:
They are used to reflect the structure of the data.  Ever looked at
the PGP 2 (very ugly) or PGP 5 (too much directories) code :-)


More information about the Gnupg-devel mailing list