Verifying multiple detached signatures avoiding "multiple signatures detected. Only the first will be checked"
Graham Leggett
minfrin at sharp.fm
Wed Jun 25 18:59:05 CEST 2025
Hi all,
I have a file, with multiple ascii armoured PGP signatures in them, and I want to count the number of valid signatures found. To verify them I run "gpg2 --verify sigs.asc", and the verify counts just one signature of the two that are present by giving up with the following warning:
gpg: WARNING: multiple signatures detected. Only the first will be checked.
Oops.
Digging through archaeological layers of the internet we find this:
https://lists.gnupg.org/pipermail/gnupg-devel/2013-January/027284.html
Which summed up says concatenated signatures don't work unless they all have the same digest.
Assuming concatenating signatures is wrong, can anyone confirm what the correct way is to handle this?
Is there a way to combine the concatenated signature into one ascii armoured entity, something else?
Regards,
Graham
--
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20250625/c8897498/attachment.html>
More information about the Gnupg-users
mailing list