GPA fails to verify certain .asc files

Peter Lebbing peter at
Sun Jan 25 12:05:58 CET 2015

Hash: SHA1

On 25/01/15 11:48, Damien Goutte-Gattat wrote:
> It looks like bug 1637 [1], which indeed affected gpa-0.9.4 but has been
> fixed in gpa-0.9.5 and later versions.

So GPA never verified detached signatures in the first place? I read the
report by Philip as it being a regression, but when I reread, it doesn't say
so explicitly. The "hit and miss" doesn't actually say that it ever verified
/detached/ signatures.

It seems Philip is confusing signed files and detached signatures, by the way:

> gpg --clearsign test1.txt gpg --clearsign -a test1.txt gpg --sign -a
> test1.txt

The first two are exactly equivalent. Neither three produce a detached
signature, which was the problematic case. The signed data is included in the
.asc file, not kept as a separate file.

> gpg --detach-sign -a test1.txt

This is the only one likely mimicking the files downloaded from the website:
an ASCII-armoured, detached signature.



- -- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

More information about the Gnupg-users mailing list