GPA fails to verify certain .asc files

Philip Jackson philip.jackson at
Sat Jan 24 20:05:02 CET 2015

Using GPA 0.9.4 in linux.

I downloaded a file and its signature as a .asc from a website that I have used
many times.  While looking at the spelling of the filename, I accidentally
clicked on the signature file and launched GPA so decided to use it to verify
the download.  GPA gave me a 'bad' status.

The file verified as a good signature at the command line.

When I checked, I found that a signature "filename.asc" could be generated by
several means using gpg and gpg2 :

gpg --clearsign test1.txt
gpg --clearsign -a test1.txt
gpg --sign -a test1.txt
gpg --detach-sign -a test1.txt

each command/option gave a signature file test1.txt.asc

The last one, generated using '--detach-sign -a' could not be verified in GPA,
giving a 'bad' status.  All four could be verified correctly in the command line.

When opened in a text editor, the downloaded signature file had a similar
structure to the one made using the -ba command/option.

So it appears to be a bit hit and miss trying to use GPA to verify downloaded
.asc signatures.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20150124/aa46d628/attachment.sig>

More information about the Gnupg-users mailing list