detached signature, "can't hash datafile: No data"

Robert J. Hansen rjh at
Sat Jan 1 05:12:16 CET 2022

> Shouldn't I be able to verify the signature independently?


A signature is a piece of data that attests another piece of data is 
unchanged.  If it doesn't have a second piece of data to compare to, all 
it can say is "I have a good digital signature that attests to a hash 
value of XYZ for some piece of data, but, uh ... where's the data?"

Detached signatures (clearsign signatures being one kind of them) do not 
include the original data.  You can sign gigabytes of data and the 
detached signature will still be only a few hundred bytes in size, 
because the original data isn't there.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x1DCBDC01B44427C7.asc
Type: application/pgp-keys
Size: 11861 bytes
Desc: OpenPGP public key
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Gnupg-users mailing list