tl;dr: set the --textmode option.
From RFC 4880, 5.2.4. Computing Signatures:
5.2.4. Computing Signatures
All signatures are formed by producing a hash over the signature data, and then using the resulting hash in the signature algorithm.
For binary document signatures (type 0x00), the document data is hashed directly. For text document signatures (type 0x01), the document is canonicalized by converting line endings to <CR><LF>, and the resulting data is hashed.
In other words, you need to make sure GnuPG treats the document as a text document while signing, which needs to be enabled using the --textmode option:
gpg --textmode --detach --sign file
By running gpg --list-packets signature-file, you will observe the different signature types from RFC 4880, the second line containing sigclass 0x01 with --textmode set instead of sigclass 0x00 without.
From man gpg (it is the same for GnuPG 2):
-t, --textmode
--no-textmode
Treat input files as text and store them in the OpenPGP canonical text form with standard "CRLF" line endings. This also sets the necessary flags to inform the recipient that the encrypted or signed data is text and may need its line endings converted back to whatever the local system uses. This option is useful when communicating between two platforms that have different line ending conventions (UNIX-like to Mac, Mac to Windows, etc).
--no-textmode disables this option, and is the default.
If -t (but not --textmode) is used together with armoring and signing, this enables clearsigned messages. This kludge is needed for command-line compatibility with command-line versions of PGP; normally you would use --sign or --clearsign to select the type of the signature.
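
The effect of the RFC 4880 rule quoted above can be seen without GnuPG. The following is an added example, not part of the original answer and not GnuPG's code: it hashes only the document portion of the signed data (a real OpenPGP signature also hashes signature packet fields and a trailer), handles LF and CRLF input only, and all function names and sample documents are constructed for illustration.

```python
import hashlib
import re

SIG_BINARY = 0x00  # RFC 4880 signature type: binary document
SIG_TEXT = 0x01    # RFC 4880 signature type: canonical text document


def canonicalize_text(data: bytes) -> bytes:
    """Convert LF and CRLF line endings to <CR><LF> (hypothetical helper)."""
    return re.sub(rb"\r?\n", b"\r\n", data)


def document_digest(data: bytes, sig_type: int) -> str:
    """SHA-256 over the document part of the signed data.

    Assumption: the signature packet fields and trailer that OpenPGP
    also feeds into the hash are left out, since they do not depend
    on the document's line endings.
    """
    if sig_type == SIG_TEXT:
        data = canonicalize_text(data)
    elif sig_type != SIG_BINARY:
        raise ValueError(f"unsupported signature type {sig_type:#04x}")
    return hashlib.sha256(data).hexdigest()


def survives_transfer(signed: bytes, received: bytes, sig_type: int) -> bool:
    """True if the digest made at signing time still matches the received copy."""
    return document_digest(signed, sig_type) == document_digest(received, sig_type)


# Constructed sample documents: the same text with UNIX and Windows line
# endings, plus a copy whose content (not just line endings) was changed.
UNIX_COPY = b"release notes\nversion 1.2\n"
WINDOWS_COPY = UNIX_COPY.replace(b"\n", b"\r\n")
TAMPERED_COPY = b"release notes\r\nversion 1.3\r\n"

if __name__ == "__main__":
    for label, sig_type in (("sigclass 0x00", SIG_BINARY), ("sigclass 0x01", SIG_TEXT)):
        print(label,
              "line endings changed ->", survives_transfer(UNIX_COPY, WINDOWS_COPY, sig_type),
              "| content changed ->", survives_transfer(UNIX_COPY, TAMPERED_COPY, sig_type))
```

A type 0x01 digest tolerates only the line-ending conversion; any other change to the document still produces a mismatch.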