GNU Privacy Assistant - false negatives on detached signature verification (GPA)

Bernhard Reiter bernhard at
Fri Oct 8 12:26:42 CEST 2021

Am Mittwoch 06 Oktober 2021 21:19:18 schrieb anonymous via Gnupg-users:
> It seems that GPA can only verify detached signatures when it has a suffix
> of .sig .sign or .asc. When a detached signature has a different suffix
> (for example .gpg like all of the sha256sum.txt.gpg files for verifying
> Linux Mint downloads) GPA will always display a signature status of "Bad"
> even though the signature is in fact good.

If this is reproducable for you, please file a problem report on
with keyword GPA. 

Note that GPA maintance is currently very slow. Werner has some GKT3 patches 
but no time to get this is shape. And unless someone steps up to maintain the 
windows port, it will probably be dropped from Gpg4win for example. (See 
gpg4win-devel@ discussion).

Best Regards,

--   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: This is a digitally signed message part.
URL: <>

More information about the Gnupg-users mailing list