IQAndreas

How much information is included with a GPG signature?

Let's say you verify someone's signature with GPG:

$ gpg --decrypt statement.txt.sig 
"I am not a crook."
gpg: Signature made 17 Nov 1973 9:31:50 AM CDT using RSA key ID 92861D99
gpg: Good signature from "Richard Nixon <[email protected]>"
gpg:                 aka "[jpeg image of size 19022]"

The statement.txt.sig file obviously includes the statement/data that is signed as well as the public key of the person who signed it. However, there is a lot more information included in the output, such as the full name and email address, as well as a JPEG image that was included with the public key of the signer.

Where is GPG getting that extra data from? Was it included in the file statement.txt.sig, or is it looking at your keyring and "filling in" all the extra details that you have on the person?
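
What a signed file carries can be checked by walking its OpenPGP packets (RFC 4880). The following is an added example, not part of the original post: a minimal packet walker run over a constructed, uncompressed signed message (gpg normally wraps these packets in a Compressed Data packet). The upper bytes of the key ID, the timestamp and the signature value are made up for the sample.

```python
# OpenPGP packet tags (RFC 4880, section 4.3) that matter for the question.
TAGS = {2: "Signature", 4: "One-Pass Signature", 6: "Public-Key",
        8: "Compressed Data", 11: "Literal Data", 13: "User ID", 17: "User Attribute"}

def packets(buf):
    """Yield (tag, body) for each packet that has a definite length."""
    i = 0
    while i < len(buf):
        hdr, i = buf[i], i + 1
        if (hdr & 0xC0) == 0xC0:                         # new-format header
            tag, n, i = hdr & 0x3F, buf[i], i + 1
            if 192 <= n < 224:                           # two-octet length
                n, i = ((n - 192) << 8) + buf[i] + 192, i + 1
            elif n >= 224:
                raise ValueError("4-octet/partial lengths not handled here")
        elif hdr & 0x80 and (hdr & 3) != 3:              # old-format header
            tag, size = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            n, i = int.from_bytes(buf[i:i + size], "big"), i + size
        else:
            raise ValueError("not a packet header, or indeterminate length")
        yield tag, buf[i:i + n]
        i += n

def subpackets(sig):
    """Map subpacket type -> value for a v4 signature body (hashed + unhashed areas)."""
    out, pos = {}, 4                                     # skip version, type, algorithms
    for _ in range(2):
        end, pos = pos + 2 + int.from_bytes(sig[pos:pos + 2], "big"), pos + 2
        while pos < end:
            n, typ = sig[pos], sig[pos + 1] & 0x7F       # one-octet length assumed
            out[typ] = sig[pos + 2:pos + 1 + n]
            pos += 1 + n
    return out

def summarize(buf):  # -> (packet names, creation time, issuer key ID)
    pkts = list(packets(buf))
    sub = subpackets(next(body for tag, body in pkts if tag == 2))
    return ([TAGS.get(t, f"tag {t}") for t, _ in pkts],
            int.from_bytes(sub[2], "big"), sub[16].hex().upper())

def _pkt(tag, body):                                     # helper for the constructed sample
    return bytes([0xC0 | tag, len(body)]) + body

KEY_ID = bytes.fromhex("0123456792861D99")  # constructed; low 32 bits = short ID in the post
SAMPLE = (                                  # constructed, uncompressed; dummy signature value
    _pkt(4, bytes([3, 0, 8, 1]) + KEY_ID + b"\x01")
    + _pkt(11, b"b\x00" + bytes(4) + b'"I am not a crook."\n')
    + _pkt(2, bytes([4, 0, 1, 8]) + b"\x00\x06\x05\x02" + (122394710).to_bytes(4, "big")
           + b"\x00\x0a\x09\x10" + KEY_ID + b"\xab\xcd\x00\x10\xab\xcd"))
print(summarize(SAMPLE))
```

On this sample the packet list holds no Public-Key, User ID or User Attribute packet; the signature packet identifies its signer only through the issuer key ID subpacket, alongside the creation time.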