Let's say you verify someone's signature with GPG:
$ gpg --decrypt statement.txt.sig
"I am not a crook."
gpg: Signature made 17 Nov 1973 9:31:50 AM CDT using RSA key ID 92861D99
gpg: Good signature from "Richard Nixon <[email protected]>"
gpg: aka "[jpeg image of size 19022]"
The statement.txt.sig
file obviously includes the statement/data that is signed as well as the public key of the person who signed it. However, there is a lot more information included in the output, such as the full name and email address, as well as a JPEG image that was included with the public key of the signer.
Where is GPG getting that extra data from? Was it included in the file statement.txt.sig
, or is it looking at your keyring and "filling in" all the extra details that you have on the person?