Validate a detached signature
This article is a follow-up for the Unprotect an OpenPGP File article.
A signature is called detached if it is stored separately from the signed data. In the detached scenario, you distribute the data and the signature independently. To validate a detached signature, the processing party needs both the original data and the signature - in contrast to generic or cleartext signatures, where both the signature and the data are included in the same OpenPGP blob.
Detached signatures, just like generic ones, are processed with TElPGPReader component. While any preparations for detached signature validation – such as key setup and event handling – are performed in exactly same way as you do with generic signatures, the actual method that you call to process the data differs.
Note. As detached signatures do not contain encrypted or compressed data, and as there is no data to extract, such events as OnEncrypted, OnCompressed, OnTemporaryStream, OnCreateOutputStream or OnRequestOutputFile events will not be fired.