Detached signature ambiguity
Werner Koch
wk at gnupg.org
Tue Nov 11 12:09:48 CET 2014
On Tue, 11 Nov 2014 11:00, peter at digitalbrains.com said:
> How would the warning be triggered? By the extension of the signature
> file or by existence of a file without the .sig extension, or even some
> other way?
Using an extension is in general not a good idea but in this case we use
it anyway to determine the matching data file. Thus we will use both.
> If the warning is triggered by existence of a file without the .sig
> extension, it does suggest to me that people should not rely on the
> warning and thus always specify both the signature file and the signed
> file on the command line. Because they might infer by absence of the
Indeed, this should always be done. I will also make the
gpgv: assuming signed data in 'xzy'
show up always and not just in verbose mode.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-users
mailing list