LinuxQuestions.org


colucix 07-18-2008 06:31 AM

How to modify a GPG signed file while preserving the signature?
 
Hi all.

I need to make some modifications to a GPG signed file (signed with my own gpg-key), but if I simply edit it the signature is no longer valid (as would be expected).

What is the correct way to modify a GPG signed file? I'm thinking of:
1) remove the signature, edit the file, apply the signature again
2) remove the file, edit an unsigned backup copy then sign it
3) use some tool - which I'm not aware of - to edit the signed file.

Also I cannot find a gpg option to simply remove the signature from an already signed file. I see only options/commands to remove a key from my own database. Thank you.

stress_junkie 07-18-2008 07:30 AM

I believe that method 2 is theoretically the only solution. If any other solution could work then GPG would be worthless.

colucix 07-18-2008 07:38 AM

Quote:

Originally Posted by stress_junkie (Post 3218798)
If any other solution could work then GPG would be worthless.

Good point. I assumed that upon trying to remove the signature, gpg asked for the secret passphrase, but maybe my assumption is totally wrong. Thank you, stress_junkie.

beadyallen 07-18-2008 09:26 AM

Method 1 would work too. The signature is basically just a unique hash of the file appended to the end (or perhaps at the beginning, dunno really for binary files). The 'file' itself doesn't get affected, so you can edit to your heart's content.

When you've finished, just re-sign it. It's easy to do with ASCII files by removing the relevant lines. For binary, the functionality is included in the --decrypt option. Just run 'gpg --output cleanfile --decrypt signedfile' which strips out the signature and uncompresses 'signedfile' to give you the original 'cleanfile'.

Hope this helps.

edit: I just re-read your method 1 proposition, and it doesn't work. You can't use an old signature on a modified file. As stress junkie correctly pointed out, it would make GPG worthless. There's no need to resort to a backup though, so you might still use the info above.

colucix 07-21-2008 03:34 AM

Hi beadyallen. The suggested command works like a charm:
Code:

gpg --output cleanfile --decrypt signedfile

I also tried to delete the gpg signature (both at the beginning and at the end of the signed file) and it works too. Thanks for the advice.
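
Added example, not part of any post in this thread: removing the armor lines from a cleartext-signed (ASCII) file by hand misses the dash-escaping defined for the OpenPGP cleartext signature format, where the signer prefixes "- " to every body line that begins with a dash. The function name `strip_clearsign` and the sample message are constructed for illustration.

```python
BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"


def strip_clearsign(signed: str) -> str:
    """Return the text carried by a cleartext-signed message, signature dropped."""
    lines = [ln.rstrip("\r") for ln in signed.split("\n")]
    if not lines or lines[0] != BEGIN_MSG:
        raise ValueError("not a cleartext-signed message")
    # Armor headers such as "Hash: SHA256" end at the first empty line.
    i = 1
    while i < len(lines) and lines[i].strip():
        if ":" not in lines[i]:
            raise ValueError("malformed armor header: %r" % lines[i])
        i += 1
    if i == len(lines):
        raise ValueError("no blank line after the armor headers")
    body_start = i + 1
    try:
        # A body line can never equal BEGIN_SIG: it would have been dash-escaped.
        sig_start = lines.index(BEGIN_SIG, body_start)
        lines.index(END_SIG, sig_start)
    except ValueError:
        raise ValueError("signature block missing or unterminated") from None
    # Undo dash-escaping; deleting the armor lines by hand leaves these
    # "- " prefixes behind in the edited file.
    body = [ln[2:] if ln.startswith("- ") else ln
            for ln in lines[body_start:sig_start]]
    # Returned as a text file with a final newline (a choice of this example).
    return "\n".join(body) + "\n"


# Constructed sample: the signature data is a placeholder, not a real signature.
SAMPLE = "\n".join([
    BEGIN_MSG,
    "Hash: SHA256",
    "",
    "Release notes",
    "- - fixed the installer",
    "- -----BEGIN PGP SIGNATURE-----",
    "plain line",
    BEGIN_SIG,
    "",
    "PLACEHOLDER+not+a+real+signature==",
    END_SIG,
    "",
])

if __name__ == "__main__":
    print(strip_clearsign(SAMPLE), end="")
```

Unlike `gpg --output cleanfile --decrypt signedfile`, this does not check the signature, so the extracted text is unauthenticated. The old signature block is discarded, and the edited file needs a fresh signature.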


All times are GMT -5.