Thank you for gpg2!
I have the following usecase:
- encrypt file.txt to file.txt.gpg
- sign file.txt to file.txt.sig
- upload file.txt.gpg and file.txt.sig to UNSECURE CLOUD
Now I have the possibility to --decrypt file.txt.sig from the unsecure cloud environment!
I propose to change the default in step 2) to a --detach --sign and possibly create a new --attach --sign as the optional feature!
Otherwise it is easily possible to compromise file.txt with distributing the created signature!
Thanks for considering!