tl;dr: set the --textmode option.
From RFC 4880, 5.2.4. Computing Signatures:
5.2.4. Computing Signatures
All signatures are formed by producing a hash over the signature data, and then using the resulting hash in the signature algorithm.
For binary document signatures (type 0x00), the document data is hashed directly. For text document signatures (type 0x01), the document is canonicalized by converting line endings to <CR><LF>, and the resulting data is hashed.
In other words, you need to make sure GnuPG treats the document as a text document when signing, which has to be enabled with the --textmode option:
gpg --textmode --detach --sign file
When running gpg --list-packets signature-file, you will observe the different signature types from RFC 4880, the second line containing sigclass 0x01 with --textmode set instead of sigclass 0x00 without.
From man gpg (it is the same for GnuPG 2):
-t, --textmode
--no-textmode
Treat input files as text and store them in the OpenPGP canonical text form with standard "CRLF" line endings. This also sets the necessary flags to inform the recipient that the encrypted or signed data is text and may need its line endings converted back to whatever the local system uses. This option is useful when communicating between two platforms that have different line ending conventions (UNIX-like to Mac, Mac to Windows, etc). --no-textmode disables this option, and is the default.
If -t (but not --textmode) is used together with armoring and signing, this enables clearsigned messages. This kludge is needed for command-line compatibility with command-line versions of PGP; normally you would use --sign or --clearsign to select the type of the signature.
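The hashing rule quoted from RFC 4880 above, as an added Python example that is not part of the original answer and is not GnuPG's code: it builds the data a v4 signature hashes (document, then the signature fields, then the six-octet trailer) for both signature types. The function names, the two sample documents, the creation time of 0 and the RSA/SHA-256 algorithm choice are constructed for illustration, and leaving a bare CR untouched is an assumption.

```python
import hashlib
import struct

SIG_BINARY = 0x00  # sigclass 0x00: document data is hashed directly
SIG_TEXT = 0x01    # sigclass 0x01: line endings canonicalized to CRLF first


def canonicalize(data: bytes) -> bytes:
    """Convert LF and CRLF line endings to CRLF (bare CR is left as-is: assumption)."""
    return data.replace(b"\r\n", b"\n").replace(b"\n", b"\r\n")


def v4_signature_digest(document: bytes, sig_type: int, created: int = 0) -> str:
    """Return the SHA-256 digest a v4 signature of the given type is computed over."""
    if sig_type == SIG_TEXT:
        document = canonicalize(document)
    # Hashed subpacket area: a single Signature Creation Time subpacket (type 2).
    subpackets = bytes([5, 2]) + struct.pack(">I", created)
    # Version 4, signature type, public-key algorithm 1 (RSA), hash algorithm 8 (SHA-256),
    # then the two-octet length of the hashed subpackets and the subpackets themselves.
    header = bytes([4, sig_type, 1, 8]) + struct.pack(">H", len(subpackets)) + subpackets
    # Trailer: version, 0xFF, four-octet big-endian length of the hashed signature fields.
    trailer = b"\x04\xff" + struct.pack(">I", len(header))
    return hashlib.sha256(document + header + trailer).hexdigest()


# Constructed sample: the same text as stored on a UNIX-like system and on Windows.
UNIX_COPY = b"line one\nline two\n"
WINDOWS_COPY = b"line one\r\nline two\r\n"

if __name__ == "__main__":
    for name, sig_type in (("binary (0x00)", SIG_BINARY), ("text (0x01)", SIG_TEXT)):
        same = (v4_signature_digest(UNIX_COPY, sig_type)
                == v4_signature_digest(WINDOWS_COPY, sig_type))
        print(f"{name}: digests match across line endings = {same}")
```

Because the signature type octet is itself part of the hashed data, a sigclass 0x00 signature never verifies as a 0x01 one even when the document bytes are identical, so the file has to be signed again with --textmode.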