understanding GnuPG "--clearsign" option
Martin T
m4rtntns at gmail.com
Mon Aug 12 10:40:35 CEST 2013
Hi,
one can sign the message with "--clearsign" option which adds ASCII
armored(Radix-64 encoding) "PGP signature" at the end of the text.
This "PGP signature" contains the UID of the signer, timestamp and key
ID. However, two questions:
1) Where is the UID of the signer, timestamp of the signature and
signer key-ID stored? If I execute "gpg2 --verify file.asc", then I'm
able to see the UID of the signer, timestamp and signer key-ID, but if
I decode the Radix-64/base64 data back to binary(base64 -d) and use
"hexdump -C" to analyze this data, I do not see the UID, timestamp or
signer key-ID.
2) What exactly is this "PGP signature"? Is it a SHA1 hash of the
message which is encrypted with my private key and then ASCII armored?
regards,
Martin
More information about the Gnupg-users
mailing list