Home/ Questions/Q 8822643
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-14T06:09:25+00:00

Edit: Sorry for the confusion. Actually I want to know whether it is possible

  • 0

Edit: Sorry for the confusion. Actually I want to know whether it is possible to encrypt using private key. (This automatically means signing too.)
I wish to do this in a C program by running a script.

btw, is encrypting with private key a good idea to send a signed message to audience which will decrypt it with my public key ?

Old question:
How to “sign” a file with gpg using my own private key in GNU/Linux? I saw the man page but it doesn’t give any info about this.
Also, how the other party verify my signature created in this manner?

Please give the command line options to accomplish this, if it is possible.

I saw other questions on SO but they talk about Android, JAVA etc. I want just command line options.
thx.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The man page actually does give info about signing.

    There are 3 main choices:

    1. sign file directly with -s/--sign
      • completely modifies the file, embedding a signature in it — can be used with or without -a ASCII armor option
    2. sign file directly with -s/--sign AND with --clearsign
      • wraps the file with a plain-text ASCII signature
    3. create detached signature with -b/--detach-sign
      • saves a signature to a separate file — can be used with or without -a

    Here’s an example of me doing each in turn and then verifying.

    1. Embedded signature, modifying the original file (requiring use of gpg -d to get at the original contents of the file).

      $ cp /etc/issue .
$ gpg -sa <issue>issue.asc

You need a passphrase to unlock the secret key for
user: "Rsaw Rsaw <rsaw@devnull>"
2048-bit RSA key, ID 211A2D3E, created 2012-08-24

$ cat issue.asc   
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.12 (GNU/Linux)

owEBcQGO/pANAwACASZpDtshGi0+ActBYgBQoI3pRmVkb3JhIHJlbGVhc2UgMTcg
KEJlZWZ5IE1pcmFjbGUpCktlcm5lbCBcciBvbiBhbiBcbSAoXGwpCgqJARwEAAEC
AAYFAlCgjekACgkQJmkO2yEaLT5C3Af/fGDDoCA+6ddDUqbOZa96RNZrQPvvuT2m
ZnPEnXonqkTEf0OLOJFHWPTsMK5SKdSWx14gvaiSbQTGTKdqUiaSBfBs+tenJ39S
zQrZPctqKYvBbk848qiBO6tHgf8npNmg2yeY2YKjR6+02bHadg9wiujjazutuSKY
xEDvaIoDpCl1bsbOF7ZI8zxcpFx366PZybC/fEvA+R4sDFP4QiYDPg0MKmrUlsJa
1l9gE8e1LEZC2wXDuSCffL6dODFbCvHgU4IyUze1lX5CZHFPs5Y9kI+yBb9f9sYH
UzOHJDISHMephS1WPqP5JXlkwiiUNTEk4qnTQRalud+yAHBeEZtrtA==
=fYHs
-----END PGP MESSAGE-----
$ gpg --verify issue.asc 
gpg: Signature made Mon 12 Nov 2012 12:49:29 AM EST using RSA key ID 211A2D3E
gpg: Good signature from "Rsaw Rsaw <rsaw@devnull>"
$ gpg -d issue.asc 
Fedora release 17 (Beefy Miracle)
Kernel \r on an \m (\l)

gpg: Signature made Mon 12 Nov 2012 12:49:29 AM EST using RSA key ID 211A2D3E
gpg: Good signature from "Rsaw Rsaw <rsaw@devnull>"

    2. Wrapping clearsign signature.

      $ gpg -s --clearsign <issue>issue.asc

You need a passphrase to unlock the secret key for
user: "Rsaw Rsaw <rsaw@devnull>"
2048-bit RSA key, ID 211A2D3E, created 2012-08-24

$ cat issue.asc   
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Fedora release 17 (Beefy Miracle)
Kernel \r on an \m (\l)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJQoI65AAoJECZpDtshGi0+XLwH/0q7M+6aVvM2XMwy36R+zbYv
IjF/GBUgEFRO53a0xCi6lhw10Wp4tpmZLeJJwFb2xNGu7/1SaB4pk/PhSk4xU5Bx
3FepXaHvbwoB+Km2jqCnB1BNowJa4UecPk7pBoBPbBFv6GomecMYv1a3tORStmwe
3UIF99HgCilivjbJoGI6h7en7yq2LwwQLpHNs8dY8rlurQfHM5CMv5RpF9jCDEJS
MHKN52Urcx1/ROam/YjyP+Pa+PZF4x19q+obdHOsNCyqAIlYcfsUjCoiCGF8FjPM
00ha0aaw9dHezmqyAE9nWE5SYB571iVcO1xIoGk+jl78HSwpxpf5hssavDwT2go=
=o6WZ
-----END PGP SIGNATURE-----
$ gpg -v issue.asc
gpg: armor header: Hash: SHA1
gpg: armor header: Version: GnuPG v1.4.12 (GNU/Linux)
gpg: original file name=''
File `issue' exists. Overwrite? (y/N) 
gpg: Interrupt caught ... exiting

$ gpg --verify issue.asc
gpg: Signature made Mon 12 Nov 2012 12:52:57 AM EST using RSA key ID 211A2D3E
gpg: Good signature from "Rsaw Rsaw <rsaw@devnull>"
$ gpg -d issue.asc
Fedora release 17 (Beefy Miracle)
Kernel \r on an \m (\l)

gpg: Signature made Mon 12 Nov 2012 12:52:57 AM EST using RSA key ID 211A2D3E
gpg: Good signature from "Rsaw Rsaw <rsaw@devnull>"

    3. Detached signature (requiring the same name as the signed file, plus an extension of .sig or .asc OR requiring the user to explicitly specify both the detached-sig-file and the signed file).

      $ gpg -ba <issue>issue.sig

You need a passphrase to unlock the secret key for
user: "Rsaw Rsaw <rsaw@devnull>"
2048-bit RSA key, ID 211A2D3E, created 2012-08-24

$ cat issue.sig   
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAABAgAGBQJQoI8zAAoJECZpDtshGi0+x2cH/RsM2LAeXTZkL792jJTVyoyg
Iz/RT3aBZqnqXu2H4O2YB897Qr4vbnoCc5uaTxm4z4jujkRs5l5vfL184Yui+o9g
eJW/Q+RegiMdgZMGY48xqz0sJMM1q2nJGy1c5qqX59IuUzslVkw+HxzPnChQHDBV
B7EraKoIvJS8KzHdXF/sQtUnJAlg4ItKW/uc/gNRz7G2O9tCdyTuddlTA6b3dV0I
gYCeF3TMgBMpkrDyYmVc9BkheIZDwy9ce1sRDYFmGpbD/Smae4mXeTgurEbe2bFJ
TqRkB4tMMl4xRd1s+Wtbj3f3hxsLTZn3Wq1n9UlL5Ga/+Tx3gZQAIUYLPwwyD7k=
=G2Qp
-----END PGP SIGNATURE-----
$ gpg --verify issue.sig
gpg: Signature made Mon 12 Nov 2012 12:54:59 AM EST using RSA key ID 211A2D3E
gpg: Good signature from "Rsaw Rsaw <rsaw@devnull>"
$ mv issue.sig my-issue.sig
$ gpg --verify -v my-issue.sig
gpg: armor header: Version: GnuPG v1.4.12 (GNU/Linux)
gpg: no signed data
gpg: can't hash datafile: file open error
$ gpg --verify my-issue.sig issue
gpg: Signature made Mon 12 Nov 2012 12:54:59 AM EST using RSA key ID 211A2D3E
gpg: Good signature from "Rsaw Rsaw <rsaw@devnull>"
$ mv my-issue.sig issue.asc
$ gpg -v --verify issue.asc
gpg: armor header: Version: GnuPG v1.4.12 (GNU/Linux)
gpg: assuming signed data in `issue'
gpg: Signature made Mon 12 Nov 2012 12:54:59 AM EST using RSA key ID 211A2D3E
gpg: using PGP trust model
gpg: Good signature from "Rsaw Rsaw <rsaw@devnull>"
gpg: binary signature, digest algorithm SHA1

    So that should cover that.

    For future reference, this question should not have been posted on Stackoverflow and will probably be moved or closed. It belongs on Unix and Linux or Superuser.

    • 0