How to detect extraneous content in clearsigned (--clearsign) files?

Werner Koch wk at
Mon Jan 12 11:58:24 CET 2015

On Mon, 12 Jan 2015 03:19, patrick-mailinglists at said:

> Suppose a file has been `--clearsign`ed. Then an adversary pretended or
> appended extraneous content.

That is what the signature is all about ;-).  Use

  gpg --verify --output OUT SIGNEDDATA

to write the _verified_ content of the file SIGNEDDATA to the file OUT.
You also need to check the verification status of course.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-users mailing list