How to verify a detached signature (gpg2: to exclusive)

Subu maniams at
Mon Jun 15 14:25:37 CEST 2009

On Sun, Jun 14, 2009 at 12:57 AM, Charly Avital - shavital at
< at> wrote:

> gpg2.20.maniams at wrote the following on 6/13/09 12:36 AM:
> [...]
> > 1. How do I find out if a signature file _is_ PGP / GPG compliant
> >
> > 2. Presently I use GPG command line version. With that how do I verify
> > that the original HTML file is not tampered with. A command or set of
> > commands would be most appreciated
> >
> > _Other details : _
> > 3. This sender has so far sent me multiple files with signatures. The
> > data files are named "filename_dd_mm_yy.html" and the signature is
> > always called signature.bin (no date of no identifiable marks). All data
> > files are only signed and not encrypted
> try:
> gpg --verify  [path to]signature.bin  [path to]filename[return]
> Good luck,
> Charly

Thanks for the response. I did try. But GPG cannot verify this file. I get
the following answer

gpg: no valid OpenPGP data found.
gpg: the signature could not be verified.
Please remember that the signature file (.sig or .asc)
should be the first file given on the command line.

Probably one of the following two is happening

1. This signature is NOT GPG compliant
2. Probably this signature is GPG / PGP compliant but GPG is unable to
recognise this as a GPG signature

So back to my original question
1. How do I find out if a signature file _is_ PGP / GPG compliant


1.a. Will changing the extension help ?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20090615/8b0d2a5f/attachment-0001.htm>

More information about the Gnupg-users mailing list