How to sign the name of the name as well, not just the file?

Doug Barton dougb at dougbarton.email
Mon Jan 12 22:51:48 CET 2015


On 1/12/15 10:44 AM, Patrick Schleizer wrote:
> When using "gpg --armor --detach-sign some-file-version-c" a file:
> some-file-version-c.asc will be created.
>
> But an adversary position to arbitrarily change file names on a mirror
> or so could rename it to some-file-version-d and some-file-version-d.asc.

Robert already gave you a method to deal with non-text items. If your 
example is a simple text file, put the name of the file in the file as 
part of your text: "This is version some-file-version-c"

hope this helps,

Doug




More information about the Gnupg-users mailing list