Verification of a detached signature fails, what am I missing?

Ingo Klöcker kloecker at kde.org
Sun May 8 15:39:47 CEST 2022


On Sunday, 8 May 2022 01:33:28 CEST Vinay Sajip via Gnupg-users wrote:
> The following script fails at the verification step. It needs to be run with
[...]
> echo $'\e[1;33m'Creating random data to sign ...$'\e[0m'
> dd if=/dev/urandom of=data-to-sign bs=1 count=1024 > /dev/null 2>&1
> echo $'\e[1;33m'Signing data, asking for a detached signature ...$'\e[0m'
> echo aable | ${GPG} --pinentry-mode loopback ${COMMON_ARGS} --passphrase-fd
> 0 -sa --detach-sign --default-key ${KEYID} | tee sig.asc command_status $?
> echo $'\e[1;33m'Trying to verify data ...$'\e[0m'
> ${GPG} ${COMMON_ARGS} --verify sig.asc data-to-sign
[...]

> What have I missed in terms of arguments passed to GnuPG, or anything else?

You have missed that you are not passing the file data-to-sign to gpg. I think 
what happens is that gpg signs the text "aable\n" (and it doesn't use "aable" 
for the passphrase because it's still in the cache after the generation of the 
test key).

Regards,
Ingo
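
The fix described in the reply above, as an added example that is not part of the original thread: name the data file as an argument so that stdin carries only the passphrase, and compare the result with the pipe-only form from the quoted script. The throwaway key, the isolated GNUPGHOME, the file names other than data-to-sign and the function names `g` and `demo_detached_sign` are constructed for illustration.

```shell
#!/bin/sh
# Added example; key, passphrase, paths and function names are constructed.

# gpg with the non-interactive options used throughout this demo
g() { gpg --batch --quiet --no-tty --pinentry-mode loopback "$@"; }

demo_detached_sign() (
    # Runs in a subshell so GNUPGHOME and the trap stay local to the demo.
    pass=aable
    work=$(mktemp -d) || exit 2
    GNUPGHOME="$work/home"; export GNUPGHOME      # isolated throwaway keyring
    mkdir -m 700 "$GNUPGHOME"
    trap 'gpgconf --kill gpg-agent; rm -rf "$work"' EXIT

    g --passphrase "$pass" --quick-generate-key \
        'Test Key <test@example.invalid>' default default never || exit 2
    dd if=/dev/urandom of="$work/data-to-sign" bs=1024 count=1 2>/dev/null

    # Form quoted in the thread: no file operand, so gpg takes the data to
    # sign from stdin and never opens data-to-sign.
    echo "$pass" | g --passphrase-fd 0 -sa --detach-sign > "$work/stdin.asc"

    # Corrected form: stdin carries only the passphrase, the file is named.
    echo "$pass" | g --passphrase-fd 0 -sa --detach-sign \
        --output "$work/file.asc" "$work/data-to-sign" || exit 2

    rc=0
    if g --verify "$work/stdin.asc" "$work/data-to-sign" 2>/dev/null; then
        echo "unexpected: stdin-made signature verified"; rc=1
    else
        echo "stdin-made signature: verification fails"
    fi
    if g --verify "$work/file.asc" "$work/data-to-sign" 2>/dev/null; then
        echo "file-made signature: good"
    else
        echo "unexpected: file-made signature rejected"; rc=1
    fi
    exit "$rc"
)

# Usage: demo_detached_sign   (needs GnuPG 2.1 or later on PATH)
```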