One can sign a file with PGP using the clearsign option, by running the following command in CMD:

gpg --clearsign filename

What kind of algorithm does GnuPG use for the clearsign option such that, even after signing, the output signature is in a readable format?
I read a manual that describes how the clearsign option works, but I am not able to understand it. It is available here.
According to the manual, armor is applied to the signature, which makes the signature unreadable. But my question is how clearsign makes the signature readable.
How can one control the output of a signature, composed of a hash algorithm and an encryption function, so that it is cleartext?
Using a hash and an encryption function, how can the output be guaranteed to fall within the range of readable ASCII characters?
Description: This command signs a message that can be verified to ensure that the original message has not been changed. Verification of the signed message is done using the command verify.

Clearsigned documents: A common use of digital signatures is to sign usenet postings or email messages. In such situations it is undesirable to compress the document while signing it. The option --clearsign causes the document to be wrapped in an ASCII-armored signature but otherwise does not modify the document.

To verify only the signature, use the --verify option. To both view the contents and show the signature verification, use the --decrypt option: $ gpg --decrypt sample.

Signing a key tells your software that you trust the key that you have been provided with and that you have verified that it is associated with the person in question. To sign a key that you've imported, simply type: gpg --sign-key [email protected].
The signature is always binary, really. The clearsign only means that the signature is computed not over the compressed message but over the original message, if it is in text format. This means that the signed message is still readable to the recipient (after the -----BEGIN PGP SIGNED MESSAGE----- header), which means that in a mail the recipient can still read the message without going through a PGP program. The recipient still needs such a program to verify the signature.

As the signature is always binary but needs to be sent in a text format sometimes, this means that the signature is encoded as base64, to ensure it's also in text format. If you don't do clearsign, but sign, the whole message is compressed first and then signed and the total is base64 encoded. The message would still be readable to anyone (after base64 decoding and decompression). So the standard ASCII armour encoding is used to guarantee printable ASCII output. But this final encoding is just for convenience; the underlying binary form is the actual signature that is verified.
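To make the answer concrete, here is an added Python example (not part of the original post and not GnuPG's own code) that builds and parses the clearsign layout: the message text is kept verbatim (only dash-escaped), while the binary signature is base64-encoded with the OpenPGP CRC-24 trailer from RFC 4880. The signature bytes are a constructed placeholder, not a real OpenPGP signature packet, and nothing here performs cryptographic verification.

```python
import base64
import re

def crc24(data: bytes) -> int:
    """OpenPGP CRC-24 (RFC 4880 section 6.1): the 3-byte checksum that
    follows the '=' at the end of every ASCII-armored block."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor_signature(sig: bytes) -> str:
    """Wrap a binary signature in a PGP SIGNATURE armor block:
    base64 in 64-column lines, then '=' + base64(CRC-24)."""
    b64 = base64.b64encode(sig).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    crc = base64.b64encode(crc24(sig).to_bytes(3, "big")).decode("ascii")
    return ("-----BEGIN PGP SIGNATURE-----\n\n" + "\n".join(lines)
            + "\n=" + crc + "\n-----END PGP SIGNATURE-----\n")

def clearsign_wrap(text: str, sig: bytes) -> str:
    """Assemble a cleartext-signed message: the text stays readable; lines
    starting with '-' get a '- ' prefix so they cannot be mistaken for armor
    lines. Only the signature itself is base64-encoded."""
    body = "\n".join("- " + line if line.startswith("-") else line
                     for line in text.split("\n"))
    return ("-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n"
            + body + "\n" + armor_signature(sig))

_CLEARSIGNED = re.compile(
    r"-----BEGIN PGP SIGNED MESSAGE-----\n(?:[^\n]+\n)*\n"   # headers + blank line
    r"(?P<body>.*?)\n-----BEGIN PGP SIGNATURE-----\n\n"
    r"(?P<b64>.*?)\n=(?P<crc>[A-Za-z0-9+/]{4})\n-----END PGP SIGNATURE-----", re.S)

def parse_clearsigned(msg: str):
    """Split a clearsigned message into (original text, binary signature),
    checking the armor CRC-24. Raises ValueError if the block is malformed."""
    m = _CLEARSIGNED.search(msg)
    if not m:
        raise ValueError("not a clearsigned message")
    text = "\n".join(line[2:] if line.startswith("- ") else line
                     for line in m.group("body").split("\n"))
    sig = base64.b64decode(m.group("b64").replace("\n", ""))
    if base64.b64decode(m.group("crc")) != crc24(sig).to_bytes(3, "big"):
        raise ValueError("armor CRC-24 mismatch")
    return text, sig

# Constructed sample: 70 arbitrary bytes stand in for a real signature packet
SAMPLE_TEXT = "Hello,\n-- this line starts with a dash\nbye"
SAMPLE_SIG = bytes(range(70))
```

Running `parse_clearsigned(clearsign_wrap(SAMPLE_TEXT, SAMPLE_SIG))` returns the original text and bytes unchanged, and every character of the wrapped message is printable ASCII even though the placeholder signature bytes are not.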