detached signature, "can't hash datafile: No data"
Robert J. Hansen
rjh at sixdemonbag.org
Sat Jan 1 05:12:16 CET 2022
> Shouldn't I be able to verify the signature independently?
Why?
A signature is a piece of data that attests another piece of data is
unchanged. If it doesn't have a second piece of data to compare to, all
it can say is "I have a good digital signature that attests to a hash
value of XYZ for some piece of data, but, uh ... where's the data?"
Detached signatures (clearsign signatures being one kind of them) do not
include the original data. You can sign gigabytes of data and the
detached signature will still be only a few hundred bytes in size,
because the original data isn't there.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x1DCBDC01B44427C7.asc
Type: application/pgp-keys
Size: 11861 bytes
Desc: OpenPGP public key
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20211231/3c40755d/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20211231/3c40755d/attachment-0001.sig>
More information about the Gnupg-users
mailing list