GPA fails to verify certain .asc files
Philip Jackson
philip.jackson at nordnet.fr
Sat Jan 24 20:05:02 CET 2015
Using GPA 0.9.4 in Linux.
I downloaded a file and its signature as a .asc from a website that I have used
many times. While looking at the spelling of the filename, I accidentally
clicked on the signature file and launched GPA so decided to use it to verify
the download. GPA gave me a 'bad' status.
The file verified as a good signature at the command line.
When I checked, I found that a signature "filename.asc" could be generated by
several means using gpg and gpg2:

    gpg --clearsign test1.txt
    gpg --clearsign -a test1.txt
    gpg --sign -a test1.txt
    gpg --detach-sign -a test1.txt

Each command/option gave a signature file test1.txt.asc.
The last one, generated using '--detach-sign -a', could not be verified in GPA,
giving a 'bad' status. All four could be verified correctly in the command line.
When opened in a text editor, the downloaded signature file had a similar
structure to the one made using the -ba command/option.
So it appears to be a bit hit and miss trying to use GPA to verify downloaded
.asc signatures.
Philip
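
The four commands in the message above produce three different armor types under the same .asc name, and a detached signature carries no data of its own, so it can only be checked against the separate data file. As an added example (not part of the original post; the function names and the sample files are constructed for illustration), this sh script tells the variants apart by their first armor line and prints the matching gpg --verify invocation:

```shell
#!/bin/sh
# Added example (not from the original post): tell the .asc variants apart
# by their first armor line and print the matching gpg verify command.

# asc_kind FILE -> clearsigned | message | detached | unknown
asc_kind() {
    # First non-blank line, with CRs stripped in case of CRLF line endings.
    first=$(tr -d '\r' < "$1" | sed -n '/[^[:space:]]/{p;q;}')
    case "$first" in
        '-----BEGIN PGP SIGNED MESSAGE-----') echo clearsigned ;;  # --clearsign
        '-----BEGIN PGP MESSAGE-----')        echo message ;;      # --sign -a
        '-----BEGIN PGP SIGNATURE-----')      echo detached ;;     # --detach-sign -a
        *)                                    echo unknown ;;
    esac
}

# verify_cmd FILE.asc -> prints the gpg invocation; returns 1 if none applies.
verify_cmd() {
    sig=$1
    case "$(asc_kind "$sig")" in
        clearsigned|message)
            echo "gpg --verify $sig" ;;            # signed data is inside the .asc
        detached)
            data=${sig%.asc}                       # assumed name: .asc suffix removed
            if [ -f "$data" ]; then
                echo "gpg --verify $sig $data"     # name the data file explicitly
            else
                echo "data file not found: $data"; return 1
            fi ;;
        *)
            echo "no OpenPGP armor header: $sig"; return 1 ;;
    esac
}

# Constructed sample files (armor bodies are placeholders, not real signatures).
make_samples() {
    printf '%s\n' '-----BEGIN PGP SIGNED MESSAGE-----' 'Hash: SHA256' '' 'hello' \
        '-----BEGIN PGP SIGNATURE-----' '' 'PLACEHOLDER' '-----END PGP SIGNATURE-----' > "$1/clear.txt.asc"
    printf '%s\r\n' '-----BEGIN PGP SIGNATURE-----' '' 'PLACEHOLDER' \
        '-----END PGP SIGNATURE-----' > "$1/test1.txt.asc"
    printf 'hello\n' > "$1/test1.txt"
}

if [ "$#" -gt 0 ]; then verify_cmd "$1"; fi
```

The "message" armor type is also used for encrypted data, so that label only says the signed content, if any, is inside the file.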
More information about the Gnupg-users mailing list