Linux Security Cookbook
7.14.1 Problem
You want to sign a file digitally, but have the signature reside in a separate file. 7.14.2 Solution
To create a binary-format detached signature, myfile.sig: $ gpg --detach-sign myfile To create an ASCII-format detached signature, myfile.asc: $ gpg --detach-sign -a myfile In either case, you'll be prompted for your passphrase. 7.14.3 Discussion
A detached signature is placed into a file by itself, not inside the file it represents. Detached signatures are commonly used to validate software distributed in compressed tar files, e.g., myprogram.tar.gz. You can't sign such a file internally without altering its contents, so the signature is created in a separate file such as myprogram.tar.gz.sig. 7.14.4 See Also
gpg(1). |