On Thursday 28 August 2014 22:53:52 TJ wrote: > I've recently been digging deep into the source-code trying to > understand what the differences are between --clearsign and > --detach-sign signatures. > > This came about whilst writing code that calls on "gpg --verify" on > detached signatures; specifically Debian APT archives that contain > "Release" (plaintext) and "Release.gpg" (detached signature). > > The aim/hope was to combine the plaintext and detached signature into > the armored clearsign format and thus avoid needing to write one of > them to the file-system (the other can be supplied via stdin).
You can probably use another approach than trying to create a clearsigned text from a signed text and its detached signature. On the command line one can provide both, the detached signature and the signed text, one after the other via stdin by running gpg --verify - - You need to separate the detached signature and the signed stuff with an EOT, e.g. on the console first you enter the armored detached signature and terminate it with Ctrl+D, then you enter the signed text and terminate it with Ctrl+D. BTW, which language do you want to write the code in? Regards, Ingo
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
