file extension confusion: --clearsign makes binary .asc

Hans-Christoph Steiner hans at
Thu Jul 25 17:05:41 CEST 2013

On 07/25/2013 10:25 AM, Werner Koch wrote:
> On Tue, 23 Jul 2013 02:20, hans at said:
>> I'm sorting thru the GnuPG file extensions these days.  One thing I just
>> noticed is that "gpg2 --clearsign icon.png" creates a binary file called
>> "icon.png.asc".  The signature is ASCII but the rest is still the plain old
>> binary.  Shouldn't that file be .gpg or .sig?
> The .asc suffix indicates that this is a human readable file and as such
> could be directly send using email or

Right, so when you do --clearsign without --armor on a binary file, the
resulting file is all binary, except for the signature part.  That means it is
neither human readable nor can be sent directly using email.  So in that
situation, the .asc file extension does not make sense.

> The .sig indicates a binary detached signature.
> The .gpg is GnuPG's version of .pgp and indicates a binary format.
> The use of the suffixes stems form PGP 2.  I used them to make migration
> easier.  Well, except for the self-advertising .gpg suffix.
> GPG does not care about the suffix, but uses the content to decide which
> type of file it is.

How can you use gpg2 or gpgme to detect the contents of a .gpg file?  I'm
trying to do that right now.  From everything that I've seen in gpg2 and
gpgme, you need to manually specify the operation to do on the .gpg file, i.e.
"gpg2 --import" or "gpg2 --decrypt".  I want GPG on Android to be able to
receive a .gpg file and then do the right thing without the user having to
tell GPG that the .gpg file is keys, encrypted content, a signed file, etc.


PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81

More information about the Gnupg-devel mailing list