--verify with foo.gpg file does not assume signed data in foo?

Ray Satiro raysatiro at yahoo.com
Sun Feb 18 20:45:14 CET 2018

I downloaded an Ubuntu preview ISO [1] recently along with its hash and
signature, SHA256SUMS and SHA256SUMS.gpg. I expected to be able to do this:

gpg --verify SHA256SUMS.gpg
gpg: no signed data
gpg: can't hash datafile: No data

Instead I have to do this:

gpg --verify SHA256SUMS.gpg SHA256SUMS

My question is why is that necessary with gpg files? I know for xxx.sig
files it would strip that extension and then "gpg: assuming signed data
in xxx"

[1]: http://cdimage.ubuntu.com/ubuntu/daily-live/current/

More information about the Gnupg-users mailing list