Recipe 7.14 Creating a Detached Signature File

7.14.1 Problem

You want to sign a file digitally, but have the signature reside in a separate file.

7.14.2 Solution

To create a binary-format detached signature, myfile.sig:

$ gpg --detach-sign myfile

To create an ASCII-format detached signature, myfile.asc:

$ gpg --detach-sign -a myfile

In either case, you'll be prompted for your passphrase.

7.14.3 Discussion

A detached signature is placed into a file by itself, not inside the file it represents. Detached signatures are commonly used to validate software distributed in compressed tar files, e.g., myprogram.tar.gz. You can't sign such a file internally without altering its contents, so the signature is created in a separate file such as myprogram.tar.gz.sig.

7.14.4 See Also


    Chapter 9. Testing and Monitoring