usecase for --detach-sign as the default signature creation method
Open, NormalPublic

Description

Hello all,

Thank you for gpg2!

I have the following usecase:

  1. encrypt file.txt to file.txt.gpg
  2. sign file.txt to file.txt.sig
  3. upload file.txt.gpg and file.txt.sig to UNSECURE CLOUD

Now I have the possibility to --decrypt file.txt.sig from the unsecure cloud environment!

I propose to change the default in step 2) to a --detach --sign and possibly create a new --attach --sign as the optional feature!

Otherwise it is easily possible to compromise file.txt with distributing the created signature!

Thanks for considering!

Ciao
Gerrit

Details

Version
2.2.19
leder created this task.Fri, Sep 25, 9:34 AM
leder renamed this task from usecase for --detach --sign as the default signature creation to usecase for --detach --sign as the default signature creation method.
werner added a subscriber: werner.Fri, Sep 25, 10:03 AM

I am sorry, but I do not understand your request. Please give real commands as examples.
You known that you can always use --output FILENAME to force a certain file name?

werner triaged this task as Normal priority.
leder added a comment.Sat, Oct 3, 7:26 PM

Hello Werner,

thank you for your info on the output FILENAME: I have recorded an example session w/ the last line being the proposed:

  • --attach-sign command
  • --sign command being obsolete

Please have a look and tell me your opinion!

Ciao
Gerrit

leder renamed this task from usecase for --detach --sign as the default signature creation method to usecase for --detach-sign as the default signature creation method.Sat, Oct 3, 7:31 PM