You can create a detached signature with GnuPG (GPG), which means you create a separate signature file, next to the actual file, which can then be used to verify the file’s integrity.

The official GnuPG documentation would tell you:

gpg --output doc.sig --detach-sig doc

However, there’s a much easier way:

gpg --detach-sign myfile

If you have multiple keys, you can specify the correct one to use with:

gpg -u you@example.com --detach-sign myfile

Instead of the email, you can specify the key ID or fingerprint, etc. If you specify nothing, your default key will be used.

By default, the signature will be put in a binary file of the same name, but with a .sig appended.

If you instead want to have the signature “ASCII armored” (text instead of binary), add the option -a like so:

gpg --detach-sign -a myfile

This writes the signature to myfile.asc instead of myfile.sig. You can also specify your key with -u like above.

To verify a signature, do:

gpg --verify myfile.sig

Or myfile.asc, depending on what you used.
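
gpg --verify exits successfully for a good signature from any key in your keyring, so a script that relies on it should also check who signed. The following is an added example, not part of the original post: it names the signed file explicitly and pins the expected fingerprint. The throwaway key, the demo@example.invalid identity and the helper names verify_pinned and demo are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original post. The key, the file names and the
# demo@example.invalid identity are constructed for this demonstration.

# verify_pinned SIG FILE FPR: succeed only if SIG is a good detached signature
# over FILE and the signer's primary key fingerprint equals FPR.
verify_pinned() (
    # A bad signature or an unknown key makes gpg exit non-zero: fail right away.
    status=$(gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null) || exit 1
    # --status-fd lines are machine-readable; the last VALIDSIG field is the
    # primary key fingerprint.
    printf '%s\n' "$status" |
        awk -v want="$3" '$2 == "VALIDSIG" && $NF == want { ok = 1 } END { exit !ok }'
)

# demo: throwaway keyring, sign a sample file, run three verifications.
demo() (
    GNUPGHOME=$(mktemp -d) || exit 1
    export GNUPGHOME    # keeps the demo away from the real keyring
    trap 'gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$GNUPGHOME"' EXIT
    cd "$GNUPGHOME" || exit 1
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Demo Signer <demo@example.invalid>' 2>/dev/null || exit 1
    fpr=$(gpg --batch --with-colons --list-keys demo@example.invalid 2>/dev/null |
          awk -F: '$1 == "fpr" { print $10; exit }')
    printf 'constructed sample payload\n' > myfile
    gpg --batch --quiet -u "$fpr" --detach-sign -a myfile || exit 1  # writes myfile.asc

    r1=rejected; r2=rejected; r3=rejected
    verify_pinned myfile.asc myfile "$fpr" && r1=ok
    # Same good signature, but the caller expected a different signer.
    verify_pinned myfile.asc myfile 0000000000000000000000000000000000000000 && r2=ok
    printf 'tampered\n' >> myfile
    verify_pinned myfile.asc myfile "$fpr" && r3=ok
    echo "pinned=$r1 wrong_key=$r2 tampered=$r3"
)

if [ "${1:-}" = demo ]; then demo; fi
```

Save it as a script and run it with the argument demo; in real use, pass verify_pinned the fingerprint you obtained from the signer through a trusted channel.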

That’s all there is to it!