GPA fails to verify certain .asc files
Peter Lebbing
peter at digitalbrains.com
Sun Jan 25 12:05:58 CET 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 25/01/15 11:48, Damien Goutte-Gattat wrote:
> It looks like bug 1637 [1], which indeed affected gpa-0.9.4 but has been
> fixed in gpa-0.9.5 and later versions.
So GPA never verified detached signatures in the first place? I read the
report by Philip as it being a regression, but when I reread, it doesn't say
so explicitly. The "hit and miss" doesn't actually say that it ever verified
/detached/ signatures.
It seems Philip is confusing signed files and detached signatures, by the way:
> gpg --clearsign test1.txt gpg --clearsign -a test1.txt gpg --sign -a
> test1.txt
The first two are exactly equivalent. Neither three produce a detached
signature, which was the problematic case. The signed data is included in the
.asc file, not kept as a separate file.
> gpg --detach-sign -a test1.txt
This is the only one likely mimicking the files downloaded from the website:
an ASCII-armoured, detached signature.
HTH,
Peter.
- --
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
More information about the Gnupg-users
mailing list