/usr/share/doc/gnupg-doc/GNU_Privacy_Handbook/html/x136.htm is in gnupg-doc 2003.04.06+dak1-1ubuntu1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 | <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd">
<HTML
><HEAD
><TITLE
>Making and verifying signatures</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK
REL="HOME"
TITLE="The GNU Privacy Handbook"
HREF="book1.htm"><LINK
REL="UP"
TITLE="Getting Started"
HREF="c15.htm"><LINK
REL="PREVIOUS"
TITLE="Encrypting and decrypting documents"
HREF="x111.htm"><LINK
REL="NEXT"
TITLE="Concepts"
HREF="c174.htm"></HEAD
><BODY
CLASS="SECT1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>The GNU Privacy Handbook</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="x111.htm"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 1. Getting Started</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="c174.htm"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN136"
>Making and verifying signatures</A
></H1
><P
>A digital signature certifies and timestamps a document.
If the document is subsequently modified in any way, a verification
of the signature will fail.
A digital signature can serve the same purpose as a hand-written signature
with the additional benefit of being tamper-resistant.
The GnuPG source distribution, for example, is signed so that users can
verify that the source code has not been modified since it was packaged.</P
><P
>Creating and verifying signatures uses the public/private keypair
in an operation different from encryption and decryption.
A signature is created using the private key of the signer.
The signature is verified using the corresponding public key.
For example, Alice would use her own private key to digitally sign
her latest submission to the Journal of Inorganic Chemistry.
The associate editor handling her submission would use Alice's
public key to check the signature to verify that the submission
indeed came from Alice and that it had not been modified since Alice
sent it.
A consequence of using digital signatures is that it is difficult to
deny that you made a digital signature since that would imply
your private key had been compromised.</P
><P
>The command-line option
<CODE
CLASS="OPTION"
>--sign</CODE
> is
used to make a digital signature.
The document to sign is input, and the signed document is output.
<PRE
CLASS="SCREEN"
><TT
CLASS="PROMPT"
>alice%</TT
> <KBD
CLASS="USERINPUT"
>gpg --output doc.sig --sign doc</KBD
>
You need a passphrase to unlock the private key for
user: "Alice (Judge) <alice@cyb.org>"
1024-bit DSA key, ID BB7576AC, created 1999-06-04
Enter passphrase: </PRE
>
The document is compressed before being signed, and the output is in binary
format.</P
><P
>Given a signed document, you can either check the signature or
check the signature and recover the original document.
To check the signature use the
<CODE
CLASS="OPTION"
>--verify</CODE
> option.
To verify the signature and extract the document use the
<CODE
CLASS="OPTION"
>--decrypt</CODE
>
option.
The signed document to verify and recover is input and the recovered
document is output.</P
><PRE
CLASS="SCREEN"
><TT
CLASS="PROMPT"
>blake%</TT
> <KBD
CLASS="USERINPUT"
>gpg --output doc --decrypt doc.sig</KBD
>
gpg: Signature made Fri Jun 4 12:02:38 1999 CDT using DSA key ID BB7576AC
gpg: Good signature from "Alice (Judge) <alice@cyb.org>"</PRE
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN153"
>Clearsigned documents</A
></H2
><P
>A common use of digital signatures is to sign usenet postings or
email messages.
In such situations it is undesirable to compress the document while
signing it.
The option
<CODE
CLASS="OPTION"
>--clearsign</CODE
>
causes the document to be wrapped in an ASCII-armored signature but
otherwise does not modify the document.</P
><PRE
CLASS="SCREEN"
><TT
CLASS="PROMPT"
>alice%</TT
> <KBD
CLASS="USERINPUT"
>gpg --clearsign doc</KBD
>
You need a passphrase to unlock the secret key for
user: "Alice (Judge) <alice@cyb.org>"
1024-bit DSA key, ID BB7576AC, created 1999-06-04
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[...]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v0.9.7 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjdYCQoACgkQJ9S6ULt1dqz6IwCfQ7wP6i/i8HhbcOSKF4ELyQB1
oCoAoOuqpRqEzr4kOkQqHRLE/b8/Rw2k
=y6kj
-----END PGP SIGNATURE-----</PRE
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN161"
>Detached signatures</A
></H2
><P
>A signed document has limited usefulness.
Other users must recover the original document from the signed
version, and even with clearsigned documents, the signed document
must be edited to recover the original.
Therefore, there is a third method for signing a document that
creates a detached signature, which is a separate file.
A detached signature is created using the
<CODE
CLASS="OPTION"
>--detach-sig</CODE
>
option.</P
><PRE
CLASS="SCREEN"
><TT
CLASS="PROMPT"
>alice%</TT
> <KBD
CLASS="USERINPUT"
>gpg --output doc.sig --detach-sig doc</KBD
>
You need a passphrase to unlock the secret key for
user: "Alice (Judge) <alice@cyb.org>"
1024-bit DSA key, ID BB7576AC, created 1999-06-04
Enter passphrase: </PRE
><P
>Both the document and detached signature are needed to verify
the signature.
The <CODE
CLASS="OPTION"
>--verify</CODE
> option can be to check the
signature.</P
><PRE
CLASS="SCREEN"
><TT
CLASS="PROMPT"
>blake%</TT
> <KBD
CLASS="USERINPUT"
>gpg --verify doc.sig doc</KBD
>
gpg: Signature made Fri Jun 4 12:38:46 1999 CDT using DSA key ID BB7576AC
gpg: Good signature from "Alice (Judge) <alice@cyb.org>"</PRE
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="x111.htm"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="book1.htm"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="c174.htm"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Encrypting and decrypting documents</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="c15.htm"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Concepts</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
|