How to sign the name of the name as well, not just the file?
dougb at dougbarton.email
Mon Jan 12 22:51:48 CET 2015
On 1/12/15 10:44 AM, Patrick Schleizer wrote:
> When using "gpg --armor --detach-sign some-file-version-c" a file:
> some-file-version-c.asc will be created.
> But an adversary position to arbitrarily change file names on a mirror
> or so could rename it to some-file-version-d and some-file-version-d.asc.
Robert already gave you a method to deal with non-text items. If your
example is a simple text file, put the name of the file in the file as
part of your text: "This is version some-file-version-c"
hope this helps,
More information about the Gnupg-users