7.14. Creating a Detached Signature File

Problem

You want to sign a file digitally, but have the signature reside in a separate file.

Solution

To create a binary-format detached signature, myfile.sig:

$ gpg --detach-sign myfile

To create an ASCII-format detached signature, myfile.asc:

$ gpg --detach-sign -a myfile

In either case, you’ll be prompted for your passphrase.

Discussion

A detached signature is placed into a file by itself, not inside the file it represents. Detached signatures are commonly used to validate software distributed in compressed tar files, e.g., myprogram.tar.gz. You can’t sign such a file internally without altering its contents, so the signature is created in a separate file such as myprogram.tar.gz.sig.
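The round trip described above, as an added example that is not part of the original recipe: it creates both signature formats for a sample myprogram.tar.gz, verifies them, and shows that changing the file invalidates the signature. The throwaway keyring, the empty-passphrase demo key, the signer identity, the file contents and the script name detached_demo.sh are assumptions made for the demonstration.

```bash
#!/usr/bin/env bash
# Added example: detached-signature round trip in a throwaway keyring.
# The signer identity, file name and file contents are constructed for the demo.

# Succeeds only if SIG is a good detached signature over FILE.
verify_detached() {   # usage: verify_detached FILE SIG
    # Pass the signature and the data file explicitly so gpg does not
    # infer the data file name from the signature file name.
    gpg --batch --verify "$2" "$1" >/dev/null 2>&1
}

report() {            # usage: report LABEL FILE SIG
    if verify_detached "$2" "$3"; then echo "$1=good"; else echo "$1=bad"; fi
}

demo_detached_sig() {
    local work rc
    work=$(mktemp -d) || return 2
    (
        export GNUPGHOME="$work/gnupg"
        mkdir -m 700 "$GNUPGHOME" && cd "$work" || exit 2
        # Demo-only key with an empty passphrase, so nothing prompts.
        gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
            --quick-generate-key 'Demo Signer <demo@example.invalid>' \
            default default never 2>/dev/null || exit 2
        printf 'constructed release payload\n' > myprogram.tar.gz
        gpg --batch --quiet --detach-sign myprogram.tar.gz    || exit 2  # .sig
        gpg --batch --quiet --detach-sign -a myprogram.tar.gz || exit 2  # .asc
        report binary myprogram.tar.gz myprogram.tar.gz.sig
        report ascii  myprogram.tar.gz myprogram.tar.gz.asc
        # Any change to the data file must invalidate the signature.
        printf 'x' >> myprogram.tar.gz
        report tampered myprogram.tar.gz myprogram.tar.gz.sig
        gpgconf --kill gpg-agent 2>/dev/null   # stop the agent started for this keyring
        exit 0
    )
    rc=$?
    rm -rf "$work"
    return "$rc"
}

# Run the demo only when asked, e.g.:  bash detached_demo.sh demo
# (detached_demo.sh is a hypothetical name for this script)
if [ "${1:-}" = "demo" ]; then demo_detached_sig; fi
```

When verifying a real download, the signer's public key must already be in your keyring and checked against a trusted fingerprint; a "good" result only says the file matches the key that signed it.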

See Also

gpg(1).
