On 12/31/21 23:12, Robert J. Hansen via Gnupg-users wrote:
Shouldn't I be able to verify the signature independently?
Why?
A signature is a piece of data that attests another piece of data is
unchanged. If it doesn't have a second piece of data to compare to,
all it can say is "I have a go
> I would've thought that a clearsign signature preserves the data
above the pgp signature, in plaintext. Isn't the plaintext above the
signature the original data?
In that case, it is. I spoke inartfully: I meant to say that detached
signatures can be done in either a binary format or in
Shouldn't I be able to verify the signature independently?
Why?
A signature is a piece of data that attests another piece of data is
unchanged. If it doesn't have a second piece of data to compare to, all
it can say is "I have a good digital signature that attests to a hash
value of XYZ for
Hello,
I wanted to verify an install file so I downloaded file.dmg and the
accompanying detached signature.asc. The public key was imported and
verified. Using GnuPG, I used the command:
gpg --verify signature.asc file.dmg
and..
"Good signature from..."
However, when I try to verify signature
