How to detect extraneous content in clearsigned (--clearsign) files?

Werner Koch wk at gnupg.org
Mon Jan 12 11:58:24 CET 2015


On Mon, 12 Jan 2015 03:19, patrick-mailinglists at whonix.org said:

> Suppose a file has been `--clearsign`ed. Then an adversary prepended or
> appended extraneous content.

That is what the signature is all about ;-).  Use

  gpg --verify --output OUT SIGNEDDATA

to write the _verified_ content of the file SIGNEDDATA to the file OUT.
You also need to check the verification status of course.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
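
The two steps from the reply above (write only the verified content to OUT, then check the verification status), combined in a shell sketch. This is an added example, not part of the original message. The helper names `status_ok` and `verify_clearsigned`, the pinning of one expected fingerprint, and the sample status lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).

# status_ok EXPECTED_FPR: reads `gpg --status-fd` lines on stdin and succeeds
# only if there is exactly one good, valid signature made by EXPECTED_FPR and
# no bad, erroneous, expired or revoked signature status.
status_ok() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "GOODSIG"  { good++ }
        $2 == "VALIDSIG" {
            valid++
            # $3 is the signing key fingerprint, the last field the primary key.
            if ($3 == want || $NF == want) pinned++
        }
        END { exit !(bad == 0 && good == 1 && valid == 1 && pinned == 1) }
    '
}

# verify_clearsigned EXPECTED_FPR SIGNEDDATA OUT (hypothetical helper):
# OUT is created only after the status check passes, so text placed before or
# after the signed block in SIGNEDDATA never reaches it.
verify_clearsigned() {
    tmp=$(mktemp) || return 1
    status=$(gpg --batch --yes --status-fd 1 --verify --output "$tmp" "$2" \
        2>/dev/null) || { rm -f "$tmp"; return 1; }
    if printf '%s\n' "$status" | status_ok "$1"; then
        mv "$tmp" "$3"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Constructed sample status output (fingerprint and key ID are made up).
FPR=0123456789ABCDEF0123456789ABCDEF01234567
SAMPLE_GOOD="[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.org>
[GNUPG:] VALIDSIG $FPR 2015-01-12 1421060304 0 4 0 1 8 01 $FPR
[GNUPG:] TRUST_ULTIMATE"
SAMPLE_BAD="[GNUPG:] NEWSIG
[GNUPG:] BADSIG 89ABCDEF01234567 Example Signer <signer@example.org>"
```

Downstream tools should read OUT, never SIGNEDDATA itself, since only OUT is limited to the bytes the signature covers.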



