Detached signature.

Proof of authorship that travels beside the file. A detached signature is a small separate .sig that says 'this exact file was signed by this key' without bundling or altering the original.

// definition

A detached signature is a signature stored separately from the data it covers. AgePony produces detached SSHSIG signatures, so the original file is untouched and the signature ships alongside it.

What it is

Signing computes a signature over the file's contents and writes it to its own file. Verifying takes the original file, the signature, and the signer's public key, and confirms the file is unmodified and was signed by that key.

Why it matters

Detached signatures keep the original file byte-identical — important for releases, binaries, and anything that must hash to a known value. Recipients verify with stock OpenSSH and your published public key.

// in AgePony

AgePony writes detached SSHSIG signatures and verifies them in-app, and they also verify with ssh-keygen -Y verify on any machine.
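The sign-then-verify flow described above, run end to end with stock OpenSSH, as an added example that is not AgePony's own code. The signer identity, the `file` namespace, the throwaway key and the file names are assumptions constructed for the demo; the namespace passed to verify must match whatever the signer actually used.

```shell
#!/bin/sh
# Added demo: detached SSHSIG sign/verify with stock OpenSSH (ssh-keygen -Y).
IDENTITY="releases@example.test"  # assumed signer label (constructed)
NAMESPACE="file"                  # assumed namespace; must match the signer's

# Sign file $1 with private key $2; OpenSSH writes the signature to $1.sig.
sign_file() { ssh-keygen -Y sign -f "$2" -n "$NAMESPACE" "$1" >/dev/null 2>&1; }

# Verify file $1 against $1.sig using the allowed_signers file $2.
verify_file() {
    ssh-keygen -Y verify -f "$2" -I "$IDENTITY" -n "$NAMESPACE" \
        -s "$1.sig" < "$1" >/dev/null 2>&1
}

# Run the whole flow in work directory $1; returns 0 only if every check holds.
run_demo() {
    wd=$1
    printf 'release artifact v1\n' > "$wd/app.bin"      # constructed sample file
    cp "$wd/app.bin" "$wd/app.bin.before"
    # Throwaway signing key, no passphrase, empty comment.
    ssh-keygen -q -t ed25519 -N '' -C '' -f "$wd/signer" || return 1
    # allowed_signers line: <identity> <key type> <base64 public key>
    printf '%s %s\n' "$IDENTITY" "$(cut -d' ' -f1,2 "$wd/signer.pub")" \
        > "$wd/allowed_signers"

    sign_file "$wd/app.bin" "$wd/signer" || return 2
    # The original must be byte-identical after signing.
    cmp -s "$wd/app.bin" "$wd/app.bin.before" || return 3
    # Unmodified file + .sig + public key: verification succeeds.
    verify_file "$wd/app.bin" "$wd/allowed_signers" || return 4
    # One appended byte must make verification fail.
    printf 'x' >> "$wd/app.bin"
    if verify_file "$wd/app.bin" "$wd/allowed_signers"; then return 5; fi
    return 0
}

demo_dir=$(mktemp -d)
if run_demo "$demo_dir"; then echo "all checks passed"; else echo "failed: $?"; fi
rm -rf "$demo_dir"
```

The allowed_signers file is what binds the public key to an identity, so it should come from the signer's published key and not from the same channel as the download.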

Common questions.

Why detached and not inline?

Detached signatures leave the original file unchanged, which matters for checksums and reproducible artifacts.

What do I need to verify?

The file, the .sig, and the signer's public key.
