On Wed, Jan 14, 2004 at 01:53:18PM +0100, J.H.M. Dassen (Ray) wrote:
> On Tue, Jan 13, 2004 at 22:21:43 +0000, Pigeon wrote:
> > Anyone care to explain, or point me to an explanation of, the difference
> > between a "complete" and "detached" GPG signature?
>
> Complete signature:
>     original file
>         -- signing process -->
>     modified file containing both the original information and the
>     signature.
>
> Detached signature:
>     original file
>         -- signing process -->
>     original file + separate signature file

Thanks, but I'm still not getting something here. man gpg seems to indicate
that there are three signing options:

    gpg -b           - make a detached signature
    gpg --clearsign  - make a clear text signature
    gpg -s, --sign   - make a signature

It doesn't specifically list an option to "make a complete signature". I had
assumed that gpg -s was the "complete signature" option as the other options
call themselves something different. I may be wrong here.

The results I get, signing a particular text file of length 13021 bytes, are:

"Make a detached signature":
    original-file.txt, 13021 bytes
        -- signing process -->
    original-file.txt + separate signature file, length 65 bytes,
    named "original-file.txt.sig", containing binary data

"Make a clear text signature":
    original-file.txt, 13021 bytes
        -- signing process -->
    modified file, named "original-file.txt.asc", length 13340 bytes,
    containing original text + signature in "ascii-armoured" form,
    as for an inline-signed email

"Make a signature":
    original-file.txt, 13021 bytes
        -- signing process -->
    original-file.txt + separate signature file, length 5105 bytes,
    named "original-file.txt.gpg", containing binary data

From this, it looks to me as if "Make a clear text signature" corresponds to
your definition for "complete signature", and we also have two different types
of "detached signature", a short form which actually is called a "detached
signature" and a much longer form which is just a "signature".

However, when I try it with a binary file, the results differ:

"Make a detached signature":
    original-file.gif, 65166 bytes
        -- signing process -->
    original-file.gif + separate signature file, length 65 bytes,
    named "original-file.gif.sig", containing binary data

"Make a clear text signature":
    original-file.gif, 65166 bytes
        -- signing process -->
    modified file, named "original-file.gif.asc", length 65448 bytes,
    containing original data in binary form + signature in
    "ascii-armoured" form

"Make a signature":
    original-file.gif, 65166 bytes
        -- signing process -->
    modified file, named "original-file.gif.gpg", length 65377 bytes,
    containing original data modified in some way (the magic bytes
    indicating a GIF file are no longer identifiable) + signature
    (presumably!)

So here it looks as if "Make a signature" _does_ correspond to "complete
signature", but also modifies the data in some way; "make a clear text
signature" is basically the same with the signature in "ascii-armoured" form
and the data unmodified; and "make a detached signature" still makes the
"short form" of detached signature.

So, what's the deal with the varying behaviour of "make a signature"? Why does
it apparently make a "complete signature" with a binary file and a "detached
signature" with a text file? And why are there apparently two forms, short and
long, of the "detached signature"?

Is it that the "long" form actually contains the text as well as the
signature, but the text is no longer recognisable as such because it has been
compressed? And the GIF file, being compressed already, can't be compressed
further, so it looks as though something different has happened when in fact
it is doing the same thing?

-- 
Pigeon

Be kind to pigeons
Get my GPG key here: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x21C61F7F
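
One way to check the compression guess raised in the message above, as an added example that is not part of the original post: a minimal OpenPGP packet walker following the RFC 4880 header rules, run against a constructed stand-in for the layout of `gpg -s` output. The helper `wrap_like_sign`, the sample file name and the omission of the signature packets are assumptions made for the illustration.

```python
import struct
import zlib

def parse_packets(data):
    """Walk OpenPGP packet headers (RFC 4880 section 4.2); return [(tag, body), ...]."""
    out, i = [], 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        i += 1
        if hdr & 0x40:                        # new-format header
            tag, first = hdr & 0x3F, data[i]
            if first < 192:
                length, i = first, i + 1
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
            elif first == 255:
                length, i = struct.unpack(">I", data[i + 1:i + 5])[0], i + 5
            else:
                raise ValueError("partial body lengths not handled in this sketch")
        else:                                 # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:                    # indeterminate: runs to end of input
                length = len(data) - i
            else:
                n = 1 << ltype                # 1, 2 or 4 length octets
                length, i = int.from_bytes(data[i:i + n], "big"), i + n
        out.append((tag, data[i:i + length]))
        i += length
    return out

def inflate(body):
    """Decompress a compressed-data packet body: algorithm octet, then the stream."""
    wbits = {1: -15, 2: 15}[body[0]]          # 1 = ZIP (raw DEFLATE), 2 = ZLIB
    return zlib.decompress(body[1:], wbits)

def literal_payload(body):
    """Strip the literal-data header: format octet, name length, name, 4-byte date."""
    return body[2 + body[1] + 4:]

def wrap_like_sign(payload, name=b"sample"):
    """Constructed stand-in for the `gpg -s` layout, signature packets omitted."""
    lit = b"b" + bytes([len(name)]) + name + b"\0\0\0\0" + payload
    inner = b"\xcb\xff" + struct.pack(">I", len(lit)) + lit   # new-format tag 11
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return b"\xa3\x01" + c.compress(inner) + c.flush()        # old-format tag 8, ZIP
```

Tag 8 is a compressed data packet and tag 11 a literal data packet; running `gpg --list-packets` on a real `.gpg` file prints the same packet structure for comparison.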