Using GPA 0.9.4 in linux. I downloaded a file and its signature as a .asc from a website that I have used many times. While looking at the spelling of the filename, I accidentally clicked on the signature file and launched GPA so decided to use it to verify the download. GPA gave me a 'bad' status.
The file verified as a good signature at the command line. When I checked, I found that a signature "filename.asc" could be generated by several means using gpg and gpg2 : gpg --clearsign test1.txt gpg --clearsign -a test1.txt gpg --sign -a test1.txt gpg --detach-sign -a test1.txt each command/option gave a signature file test1.txt.asc The last one, generated using '--detach-sign -a' could not be verified in GPA, giving a 'bad' status. All four could be verified correctly in the command line. When opened in a text editor, the downloaded signature file had a similar structure to the one made using the -ba command/option. So it appears to be a bit hit and miss trying to use GPA to verify downloaded .asc signatures. Philip
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
