GPA fails to verify certain .asc files

Philip Jackson philip.jackson at nordnet.fr
Sun Jan 25 14:49:58 CET 2015


On 25/01/15 12:05, Peter Lebbing wrote:
> It seems Philip is confusing signed files and detached signatures, by the way:
> 
>> > gpg --clearsign test1.txt gpg --clearsign -a test1.txt gpg --sign -a
>> > test1.txt
> The first two are exactly equivalent. Neither three produce a detached
> signature, which was the problematic case. The signed data is included in the
> .asc file, not kept as a separate file.

>> > gpg --detach-sign -a test1.txt
> This is the only one likely mimicking the files downloaded from the website:
> an ASCII-armoured, detached signature.

You are right, Peter, about the signed and detached being different cases.  I
did not know then that GPA 0.9.4 couldn't tell the difference between signed
files and detached signature files all having same .asc extension.

Normally I verify the download with the command line but to avoid typos in a
lengthy and complicated file name, I was copying and pasting the name from the
file manager display and I accidentally clicked on the name and caused GPA to open.

This is an indicator of the risks of having out of date versions of an
application that you don't normally use anyway still remaining on your system.

I'm sorry if I've wasted people's time with a worry from the past that no longer
exists.

Philip

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20150125/ef1c8dbe/attachment.sig>


More information about the Gnupg-users mailing list