File Extensions supported by GnuPG

Josh Cepek josh.cepek at
Thu Jul 17 07:51:26 CEST 2008

Bhushan Jain wrote:
> Hi,
> I just want to know if there is some standard used by GnuPG  in terms of 
> extensions so that if I create an encrypted file or only signed file or 
> signed and encrypted file using my own program, then the respective 
> files would be compatible to GnuPG.

By convention the extension .gpg is used for encrypted/binary data and 
.asc or .sig is used for detached or clearsign signatures.

The extension doesn't really matter since it is only by convention that 
these extensions are used. However, it is recommended to use .sig or 
.asc for signatures and .gpg for binary data (such as encrypted files) 
so the recipient knows what to expect.  In addition, when verifying, GPG 
expects the source data in a file without the .asc or .sig extension 
(otherwise you usually have to point GPG to the source data to verify 
against.)  For all GPG cares you could use .jpg for the file extension 
of signed/encrypted data (but I highly recommend against this!)

> Please suggest me the extensions I should use for the following file 
> types:-----------------

I've indicated the default file extensions below with a short gpg 
example that generates files with these defaults. I've used 
"--default-recipient-self" to cause any encryption operation to encrypt 
to your own key.

>   1. Encrypt only
.gpg is the conventional extension, and is automatically used as in the 
following command:
`gpg -e --default-recipient-self test_file.txt`

>   2. Sign only
For creating a detached signature the extensions .sig or .asc are 
standard with .sig being the gpg default as in the following sample:
`gpg --detach-sign test_file.txt`

When using clear text signatures (where ASCII armored text denotes the 
start and end of the original message and signature elements) .asc is 
the default extension as in the following sample:
`gpg --clearsign test_file.txt`

When used only with the --sign option the original data will be included 
in the binary result and the default extension is .gpg

>   3. Encrypt and sign
The conventional extension for a signed and encrypted messages is .gpg 
and the resulting file will contain both the encrypted message as well 
as the signature. The following example will create a signed & encrypted 
.gpg file:
`gpg -s -e --default-recipient-self test_file.txt`

> Also if I create my own extensions say 3 different extensions for the 
> above 3 type of files then will the encrypted files be compatible with 
> GnuPG?
> If not which are the extensions the GnuPG would be compatible with?
As long as you call GPG in a valid manor you can use any extension you 
want, although I'd suggest using the conventional extensions for ease of 
use and best understanding.

Also note that OS's that operate on a file based on its extension (such 
as Windows) may take different actions depending on the extension in use.

> Thanks,
> -------------
> Bhushan

Hope this helped!


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20080717/d67438d2/attachment.pgp>

More information about the Gnupg-users mailing list