How to verify a detached signature (gpg2: to exclusive)
Subu
maniams at gmail.com
Mon Jun 15 14:25:37 CEST 2009
On Sun, Jun 14, 2009 at 12:57 AM, Charly Avital - shavital at mac.com
<+gpg2+maniams+2aaa3b1079.shavital#mac.com at spamgourmet.com> wrote:
> gpg2.20.maniams at dfgh.net wrote the following on 6/13/09 12:36 AM:
> [...]
>
>
> > 1. How do I find out if a signature file _is_ PGP / GPG compliant
> >
> > 2. Presently I use GPG command line version. With that how do I verify
> > that the original HTML file is not tampered with. A command or set of
> > commands would be most appreciated
> >
> > _Other details : _
> > 3. This sender has so far sent me multiple files with signatures. The
> > data files are named "filename_dd_mm_yy.html" and the signature is
> > always called signature.bin (no date of no identifiable marks). All data
> > files are only signed and not encrypted
>
> try:
>
> gpg --verify [path to]signature.bin [path to]filename[return]
>
> Good luck,
> Charly
>
Thanks for the response. I did try. But GPG cannot verify this file. I get
the following answer
gpg: no valid OpenPGP data found.
gpg: the signature could not be verified.
Please remember that the signature file (.sig or .asc)
should be the first file given on the command line.
Probably one of the following two is happening
1. This signature is NOT GPG compliant
2. Probably this signature is GPG / PGP compliant but GPG is unable to
recognise this as a GPG signature
So back to my original question
1. How do I find out if a signature file _is_ PGP / GPG compliant
&
1.a. Will changing the extension help ?
regards
maniams
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20090615/8b0d2a5f/attachment-0001.htm>
More information about the Gnupg-users
mailing list