GNU Privacy Assistant - false negatives on detached signature verification

anonymous anon85786376 at protonmail.com
Wed Oct 6 21:19:18 CEST 2021


It seems that GPA can only verify detached signatures when it has a suffix of .sig .sign or .asc. When a detached signature has a different suffix (for example .gpg like all of the sha256sum.txt.gpg files for verifying Linux Mint downloads) GPA will always display a signature status of "Bad" even though the signature is in fact good.

If the detached signature file is renamed to change the suffix to one of .sig .sign or .asc the GPA will correctly verify it as "Good". Is that the only way to make it work?



More information about the Gnupg-users mailing list