0

We can sign a file with

gpgp
:

gpg -s file.pdf

Which generates a file signature

file.pdf.gpg
.

It is also possible to make a detached signature:

gpg -b file.pdf

Which generates

file.pdf.sig
.

I noticed that the

*.sig
files are always 566 bytes, while the size of
*.gpg
is proportional to the size of the original file.

My questions are:

  • What is the difference between a GPG signature and a detached signature?
  • Why are
    *.gpg
    signatures larger?
  • Is one more secure than the other?
Asked question