7.14. Creating a Detached Signature File
Problem
You want to sign a file digitally, but have the signature reside in a separate file.
Solution
To create a binary-format detached signature, myfile.sig:
$ gpg --detach-sign myfile
To create an ASCII-format detached signature, myfile.asc:
$ gpg --detach-sign -a myfile
In either case, you’ll be prompted for your passphrase.
Discussion
A detached signature is placed into a file by itself, not inside the file it represents. Detached signatures are commonly used to validate software distributed in compressed tar files, e.g., myprogram.tar.gz. You can’t sign such a file internally without altering its contents, so the signature is created in a separate file such as myprogram.tar.gz.sig.
See Also
gpg(1).
Get Linux Security Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.