Fwd: Re: Issue with --sign option

Henry Hertz Hobbit hhhobbit at securemecca.net
Mon Aug 19 11:38:01 CEST 2013


I am supplying this so people know what I sent to
Ashish personally.  Will it help?  I don't know but I
hope so.  If you know everything there is to know about
how the optional arguments are handled on 'nix systems
you may want to delete this message.

I assume secmem and any other things that are going
wrong are already in the archives some place.  Actually
the secmem messages are just bothersome and won't cause
any problems.

-------- Original Message --------
Subject: Re: Issue with --sign option
Date: Sun, 18 Aug 2013 16:18:54 +0000
From: Henry Hertz Hobbit <hhhobbit at securemecca.net>
Reply-To: hhhobbit at securemecca.net
To: Tiwari, Ashish <Ashish.Tiwari at williams.com>
CC: hhhobbit at securemecca.net

On 08/18/2013 03:04 AM, Tiwari, Ashish wrote:
> Still not working.
> 
> Saying Invalid Option -sign.
> 
> Regards,
> Ashish Tiwari

Of course it is invalid.  You do NOT use "-sign".  You use
single dashes only for single letter arguments.  The way you
have it with just a single dash the only valid interpretation
is that it considers it a short hand for "-s -i -g -n".  IOW,
here is what "-sign" could mean but it seems to be nonsense:

-s  (same as --sign)
-i  (same as --interactive to prevent overwriting files)
-g  NO SUCH OPTION - this is what it is complaining about?
-n  (same as --dry-run which means don't make any changes)

From your previous output gpg/gpg2 seems to be attempting a
correction of what you are doing with a best guess.

gpg and gpg2 just use the standard way that all 'nix commands
are done.  If you want to do a sign, either use the short-hand
"-s" or "--sign" (NOTE THE DOUBLE DASHES) which are equivalent.
If you want a sequence of letters to be an atomic unit to a
command on 'nix systems, then you always precede them with a
double dash rather than a single dash.  Example: these commands
for ls  do the same thing:

$ ls -lF
$ ls -l -F

But even ls has double dash atomic multi-character options
with these being just some of them:

--ignore-backups  (chops off files ending with ~)
--color=never  (I do not like color in ls)
--time-style=STYLE
(STYLE could be iso for example to chop off the year)

gpg or gpg2 are doing the same thing as ls and all other
GOOD 'nix commands do as the man pages show:

http://www.securemecca.com/public/GnuPG/gpg.txt
http://www.securemecca.com/public/GnuPG/gpg2.txt
http://www.securemecca.com/public/GnuPG/

We expected you to know this before you used gpg on a 'nix
system since it is the way ALL of the commands work on 'nix
systems if they are doing it the standard way (there are
some commands that are not standard which makes you think
it must be an English thing - the exceptions to the rules).

Get somebody else to translate this for you if English and
'nix commands are not your native languages.  That is
especially true for the 'nix commands since that seems to be
what is wrong here.  Also, just use the files where they are
at.  An example is me signing the file gnats.txt in /tmp.
An actual sample usage should be highly instructive:

$ cd /tmp
# the next line has the same meaning as the line after it
# gpg --default-key C83946F0 -s gnats.txt
$ gpg --default-key C83946F0 --sign gnats.txt
# I have to type my key passphrase here
$ gpg --verify gnats.txt.sig
gpg: Signature made Sun 18 Aug 2013 02:53:09 PM UTC using RSA key ID C83946F0
gpg: Good signature from "Henry Hertz Hobbit <hhhobbit at securemecca.net>"
gpg:                 aka "Henry Hertz Hobbit <hhhobbit at securemecca.com>"

The point is that both gnats.txt and gnats.txt.gpg are NOT in
my ~/.gnupg key-ring folder but in /tmp.  Unless you need the output
files some place else you should just put them in the current folder
as where the base file is.  For --clearsign you may want the output
file to be some place else since it modifies the base file.  But
I suggest some place like ~/tmp (be sure to create the folder first).
Why did I use /tmp?  That is where the file gnats.txt is and
it will remain there until the machine reboots and /tmp is completely
cleared.

You understand, don't you?

HHH
PS  And here I thought you may have been referring to the secmem
    warning.  You have at least two methods for getting rid of
    the secmem warnings.  One thing at a time.
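
The single-dash versus double-dash rule described in the message, as an added example that is not part of the original post: a small shell function that classifies each command-line token the way a POSIX/GNU-style parser does. The function name classify_args and its output format are hypothetical, and the accepted letters s, i, n are modeled on the list in the message, not taken from gpg's own option table.

```shell
#!/bin/sh
# Added illustration (not from the original message).
# classify_args is a hypothetical helper; the optstring "sin" mirrors the
# short options the message lists (-s, -i, -n), so -g is reported invalid.
classify_args() {
    out=""
    for tok in "$@"; do
        case "$tok" in
            --?*)
                # Double dash: the whole word is one atomic long option.
                out="$out long:${tok#--}"
                ;;
            -?*)
                # Single dash: every letter is a separate short option.
                # The leading ':' makes getopts report unknown letters
                # through OPTARG instead of printing its own error.
                OPTIND=1
                while getopts ":sin" opt "$tok"; do
                    case "$opt" in
                        \?) out="$out invalid:$OPTARG" ;;
                        *)  out="$out short:$opt" ;;
                    esac
                done
                ;;
            *)
                # Anything else is an operand such as a file name.
                out="$out operand:$tok"
                ;;
        esac
    done
    printf '%s\n' "${out# }"
}

# Constructed sample invocations, matching the cases in the message.
classify_args -sign gnats.txt
classify_args --sign gnats.txt
classify_args -s gnats.txt
```

The first call shows why "-sign" fails: it is read as four letters and the third one is not a known option.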






