Detaching signature from signed object

Matthew Richardson matthew-l at itconsult.co.uk
Wed Jun 23 18:55:26 CEST 2021 

eThinking about this further, is there any to use the details from
"--list-packets" in order to extract the signature.

For example, the output from the signing below produces:-

>C:\>gpg --list-packets R:\Temp\signedfile.asc
># off=0 ctb=a3 tag=8 hlen=1 plen=0 indeterminate
>:compressed packet: algo=1
># off=2 ctb=90 tag=4 hlen=2 plen=13
>:onepass_sig packet: keyid DC00AF5F572550CB
>        version 3, sigclass 0x00, digest 8, pubkey 22, last=1
># off=17 ctb=ac tag=11 hlen=2 plen=55
>:literal data packet:
>        mode b (62), created 1624466686, name="inputfile.txt",
>        raw data: 36 bytes
># off=74 ctb=88 tag=2 hlen=2 plen=117
>:signature packet: algo 22, keyid DC00AF5F572550CB
>        version 4, created 1624466686, md5len 0, sigclass 0x00
>        digest algo 8, begin of digest dc 7e
>        hashed subpkt 33 len 21 (issuer fpr v4 1797615E1E1CA3357FD23365DC00AF5F572550CB)
>        hashed subpkt 2 len 4 (sig created 2021-06-23)
>        subpkt 16 len 8 (issuer key ID DC00AF5F572550CB)
>        data: [256 bits]
>        data: [256 bits]

Would the:-

># off=74 ctb=88 tag=2 hlen=2 plen=117

provide enough inforation to extract the signature?  Does it vary depending
upon whether the signature is ASCII armored?

Or am I barking up the wrong tree???

Best wishes,
Matthew

 ------
>From: Matthew Richardson via Gnupg-users <gnupg-users at gnupg.org>
>To: gnupg-users at gnupg.org
>Cc: 
>Date: Sun, 20 Jun 2021 17:52:53 +0100
>Subject: Detaching signature from signed object

>Is there any way in GnuPG to detach (or extract) a signature from a signed
>object?  For example, a signed object is created with:-
>
>>gpg --armor --output signedfile.asc --sign inputfile.txt
>
>where what is wanted is a detached signature which would verify against
>inputfile.txt.
>
>This feature is in PGP 2:-
>
>>pgp -sa inputfile.txt -o signedfile.asc
>>pgp -b signedfile.asc -o verified.txt
>
>which also produces verified.pgp as the detached signature.  The feature is
>described (briefly) in the PGP 2 documentation thus:-
>
>>To detach a signature certificate from a signed message:
>>     pgp -b ciphertextfile
>
>The reason for asking is that I operate a service [1], which currently used
>PGP 2, and which would benefit from more recent crypto, but which also uses
>"pgp -b" extensively.
>
>Best wishes,
>Matthew
>
>[1] http://www.itconsult.co.uk/stamper.htm

More information about the Gnupg-users mailing list