Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What are the meaningful differences between .gpg, .sig., & .asc?

I’m aware that .asc signatures are output as a text file, while .sig & .gpg are binary.

That aside:

  1. Are .sig and .gpg the same file with different extensions? If not, why use one over the other?
  2. Between text files and binary files, what are the relative advantages? Security, efficiency, compatibility, etc.
like image 506
CuriousCat Avatar asked Dec 31 '22 12:12

CuriousCat


1 Answers

Are .sig and .gpg the same file with different extensions?

No, they are different file in the context of GnuPG.

  • .gpg - GNU Privacy Guard public keyring file, binary format. See examples from 4.2 Configuration files
  • .sig - GPG signed document file, binary format.
  • .asc - ASCII-armored signature with or without wrapped document, plain text format. Usually used in clearsigned documents. Usually it's attached unmodified original doc and its signature. In the usage of detached signatures, you can generate signature only without original doc via --detach-sig.

If not, why use one over the other?

Good question! Since OpenPGP is an open standard (RFC 4880), its section 6 provides detailed explanation, I just quote the key part:

In principle, any printable encoding scheme that met the requirements of the unsafe channel would suffice, since it would not change the underlying binary bit streams of the native OpenPGP data structures. The OpenPGP standard specifies one such printable encoding scheme to ensure interoperability.

I will use this answer as reply of Pros and Cons of binary vs ASCII format.

like image 173
shawnzhu Avatar answered Mar 04 '23 05:03

shawnzhu