Shouldn't I be able to verify the signature independently?

Why?

A signature is a piece of data that attests another piece of data is unchanged. If it doesn't have a second piece of data to compare to, all it can say is "I have a good digital signature that attests to a hash value of XYZ for some piece of data, but, uh ... where's the data?"

Detached signatures (clearsign signatures being one kind of them) do not include the original data. You can sign gigabytes of data and the detached signature will still be only a few hundred bytes in size, because the original data isn't there.

Attachment: OpenPGP_0x1DCBDC01B44427C7.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature
Description: OpenPGP digital signature
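The point made in the message above, as an added example that is not part of the original message and is not GnuPG's code: a signature alone yields only the hash value the signer attested to, and verification means recomputing that hash from the data. It assumes textbook RSA without padding and a constructed toy key built from two Mersenne primes (trivially factorable, and not the OpenPGP signature format); all function names are hypothetical.

```python
import hashlib

# Constructed toy key for illustration only: two Mersenne primes (assumption,
# not a real-world key; such a modulus is trivially factorable).
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
SIG_LEN = (N.bit_length() + 7) // 8    # signature size depends on the key only


def digest(data: bytes) -> int:
    """SHA-256 of the data as an integer (always smaller than N here)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def detach_sign(data: bytes) -> bytes:
    """Sign the hash of the data; the data itself is not embedded."""
    return pow(digest(data), D, N).to_bytes(SIG_LEN, "big")


def attested_digest(sig: bytes) -> int:
    """All the signature says on its own: the hash value it attests to."""
    return pow(int.from_bytes(sig, "big"), E, N)


def verify(sig: bytes, data: bytes) -> bool:
    """Verification needs the data: recompute its hash and compare."""
    return attested_digest(sig) == digest(data)


if __name__ == "__main__":
    small = b"short message"          # constructed sample input
    large = bytes(5_000_000)          # constructed sample input, 5 MB of zeros
    sig_small, sig_large = detach_sign(small), detach_sign(large)
    print(len(sig_small), len(sig_large))        # same size for both inputs
    print(hex(attested_digest(sig_large))[:18])  # a hash value, but no data
    print(verify(sig_large, large))              # data present and unchanged
    print(verify(sig_large, large + b"x"))       # data changed
```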

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
