Recipe 7.14 Creating a Detached Signature File
7.14.1 Problem
You want to sign a file digitally, but have the signature reside in a
separate file.
7.14.2 Solution
To create a binary-format
detached signature,
myfile.sig:
$ gpg --detach-sign myfile
To create an ASCII-format detached
signature, myfile.asc:
$ gpg --detach-sign -a myfile
In either case, you'll be prompted for your
passphrase.
7.14.3 Discussion
A detached signature is placed into a file by itself, not inside the
file it represents. Detached signatures are commonly used to validate
software distributed in compressed tar files, e.g.,
myprogram.tar.gz. You can't
sign such a file internally without altering its contents, so the
signature is created in a separate file such as
myprogram.tar.gz.sig.
7.14.4 See Also
gpg(1).
|
