How to verify a detached signature

gpg2.20.maniams at gpg2.20.maniams at
Mon Jun 15 14:26:59 CEST 2009

On Sun, Jun 14, 2009 at 12:57 AM, Charly Avital - shavital at  wrote:

> gpg2.20.maniams at wrote the following on 6/13/09 12:36 AM:
> [...]
> > 1. How do I find out if a signature file _is_ PGP / GPG compliant
> >
> > 2. Presently I use GPG command line version. With that how do I verify
> > that the original HTML file is not tampered with. A command or set of
> > commands would be most appreciated
> >
> > _Other details : _
> > 3. This sender has so far sent me multiple files with signatures. The
> > data files are named "filename_dd_mm_yy.html" and the signature is
> > always called signature.bin (no date of no identifiable marks). All data
> > files are only signed and not encrypted
> try:
> gpg --verify  [path to]signature.bin  [path to]filename[return]
> Good luck,
> Charly

Thanks for the response. I did try. But GPG cannot verify this file. I get
the following answer

gpg: no valid OpenPGP data found.
gpg: the signature could not be verified.
Please remember that the signature file (.sig or .asc)
should be the first file given on the command line.

*Probably *one of the following two is happening

1. This signature is NOT GPG compliant
2. Probably this signature is GPG / PGP compliant but GPG is unable to
recognise this as a GPG signature

So back to my original question
1. How do I find out if a signature file _is_ PGP / GPG compliant


1.a. Will changing the extension help ?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20090615/51870688/attachment-0001.htm>

More information about the Gnupg-users mailing list