Files that can not be internally signed have a detached GPG signature. For
example, the TAR archive bsu-3.0.2.tar.gz
has been signed with my default
key using the command:
gpg -sign -armor -b bsu-3.0.2.tar.gz
This produces a file bsu-3.0.2.tar.gz.asc
which is the detached
signature. This signature may be verified with my public key. If the *.asc and
*.tar.gz file are in the same directory, one would issue the following command:
gpg -verify bsu-3.0.2.tar.gz.asc
A more complete command would also include the file being checked as an additional argument:
gpg -verify bsu-3.0.2.tar.gz.asc bsu-3.0.2.tar.gz