2 ways of signing files

Neil Williams linux at codehelp.co.uk
Sat Jan 15 19:18:30 CET 2005

On Saturday 15 January 2005 5:26 pm, Mark Ivs wrote:
> Hello,
> I would like to know if there are 2 ways of signing.
> Please take a look at the following scenarios.
> Scenario 1:
> I add Blake's public key to my key ring. I can do the
> following 2 steps to edit and sign Blake's public key.
> 1. gpg --edit-key blake at cyb.org
> 2. Command> sign
> This will sign the key.

Yes, the key, not the file.

> So, now I can encrypt the file 
> by doing the following...
> 'gpg --recipient "blake at cyb.org" --output
> $rootpath\\$filepgp --encrypt
> $rootpath\\encrypted\\$datafile`

There is no command there to sign the file, it'll just be encrypted.

You need to specify the -s or -b options etc.

'gpg -s --recipient "blake at cyb.org" --output
$rootpath\\$filepgp --encrypt

> When Blake gets the encrypted file, does it mean that
> the file is also signed?


> Scenario 2:
> I can encrypt and sign by doing the following.
> 'gpg --recipient "XXX" --output $rootpath\\$filepgp
> --sign --encrypt $rootpath\\encrypted\\$datafile`

You've specified --sign so it will be signed.

> Can someone please tell me if scenario 1 and 2 are
> basically doing the same thing?

No. Signing a key is nothing to do with signing a file. Before you sign a key 
you should verify the key under keysigning protocols.

If you just want to sign it to encrypt to it (despite not being able to trust 
it), you can use a local signature. (non-exportable).


Neil Williams

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20050115/b3282579/attachment.pgp

More information about the Gnupg-users mailing list