What is the difference between a .asc and a .sig file?
.sig files are binary files while .asc files use the ASCII encoding and are human-readable. The information they are containing is the same.
When you use Kleopatra to sign a file it creates a .sig file by default. When you open it with a text editor you can see some “weird” signs.
In Settings → Configure Kleopatra… → Crypto Operations you can enable “Create signed or encrypted files as text files.” Then Kleopatra will create .asc files. When you open those with a text editor you will see that it contains normal characters which you are able to read.
so from a security perspective, both asc and sig are the exact, the only difference is sig files contain unicode characters you cannot read while asc has the same content as the sig file but in this case you can read the content because it is normal text?
Just to clarify if someone finds this weirdness with a search engine.
From a security perspective files are files which contain data. The filename is irrelevant.
Gpg4win, can encode binary data in base64 encoding so that they are transferable through text channels. When we do this we use .asc for “ASCII armored” data by default.
.asc is the default ending for base64 encoded data. .sig is the default name for a “detached signature”. sig files can be “ASCII armored” or not. For Gpg4win this is irrelevant.
.asc can contain anything, encrypted data, certificates, etc. Similarly a .sig can contain anything. Names are just names it is the data that counts. The name might give a “hint” to the operating system. But Kleopatra looks into the data itself to check what to do with a given file.