file extension confusion: --clearsign makes binary .asc

Werner Koch wk at
Thu Jul 25 21:14:22 CEST 2013

On Thu, 25 Jul 2013 19:31, hans at said:

> "less" does a pretty good job of figuring out what is a binary or not, and

Less is a tool to display data to users.  And that is its only purpose.
GPG is a tool to sign or encrypt data and not to display it to users.
Thus it should stay away from too much cleverness.

> issues its warning based on it.  I think something similar would make stuff
> like this in gpg much less confusing.  It would allow gpg to add the file
> extension that makes the most sense, and then in turn when people use that
> file, the format will be better described by the file extension.

The usual way you use tools in Unix is in a pipeline.  Here a suffix
does not make any sense.  This is the reason why Unix tools shall not
care about them.

> It may seem like a trivial issue to many, but it's stuff like this that makes
> PGP hard to use for most people.

CMS/X.509 is not different.  There is even no agreement on a de-facto
standard suffix for certificates.

In any case, the use of --clearsign has long been deprecated because it
has too many problems.  For example the user needs to know the structure
of the mail to decide what has actually been signed (armor headers are
for example not signed).

For any new application I would suggest to use a detached signature.
Only detached signatures make it pretty clear what has been signed.  If
that is not possible MIME is a well specified way to convey data along
with meta data.



Thoughts are free.  Exceptions are regulated by a federal law.
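
Which lines of a clearsigned message the signature covers, as an added example that is not part of the original message: the function follows the cleartext signature framework of RFC 4880, section 7, and returns the hashed text separately from the lines that are not signed. The sample message and the name `split_clearsigned` are constructed for illustration, and no signature is verified.

```python
# Added example: split a clearsigned message into the text covered by the
# signature and the lines that are not (RFC 4880, section 7).
# It does not verify anything; SAMPLE is constructed for illustration.

BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"

SAMPLE = "\n".join([
    "Forwarded note, added in transit.",      # before the framework
    BEGIN_MSG,
    "Hash: SHA256",                           # armor header
    "",                                       # separator, not hashed
    "Pay 100 EUR to Alice.   ",               # trailing blanks are stripped
    "- -- ",                                  # dash-escaped "-- " line
    "Bob",
    BEGIN_SIG,
    "Comment: constructed sample",            # armor header of the signature
    "",
    "PLACEHOLDER+SIGNATURE+DATA==",           # placeholder, not a signature
    END_SIG,
    "Footer appended by the list software.",  # after the framework
])


def split_clearsigned(text):
    """Return (signed_text, unsigned_lines) for one clearsigned message."""
    lines = text.splitlines()
    start = lines.index(BEGIN_MSG)
    sig = lines.index(BEGIN_SIG, start)
    end = lines.index(END_SIG, sig)
    blank = lines.index("", start, sig)       # ends the message armor headers
    sig_blank = lines.index("", sig, end)     # ends the signature armor headers

    # Nothing in these four regions enters the hash.
    unsigned = (lines[:start] + lines[start + 1:blank]
                + lines[sig + 1:sig_blank] + lines[end + 1:])

    signed = []
    for line in lines[blank + 1:sig]:
        if line.startswith("- "):             # undo dash-escaping
            line = line[2:]
        signed.append(line.rstrip(" \t"))     # trailing whitespace is not hashed
    # Canonical CRLF line ends; the line end before the signature is excluded.
    return "\r\n".join(signed), unsigned
```

A detached signature has none of these regions: the signed data is exactly the bytes of the file passed to the verifier.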
