Pete --- I lost your original message but here is my answer to it.
The use of gpg to verify signatures is non-obvious and requires a careful
reading of the man page. (Did for me at least.)
Summary:
To make a detached signature, use 'gpg -ba < FILE > FILE.sig'
(a pstty will be opened to prompt for your password, which is
never accepted over stdin).
To verify that signature, use 'gpg --verify FILE.sign - < FILE'.
This does work as expected for me. Not that if gpg cannot open one of
the files needed it will probably report a bad signature rather than a
missing file.
--
Henry House
OpenPGP key available from http://hajhouse.org/hajhouse.asc
PGP signature
