Can you use one key to authenticate another key automatically?
Christoph Anton Mitterer
cam at mathematica.scientia.net
Tue Feb 14 18:24:29 CET 2006
J. Scott Edwards wrote:
>I am working on an app that has hundreds of thousands of files stored
>on a server. I am planning to have an detached signature for each, to
>insure that they are the originals when they are read by the client
>The question is, if there are multiple people creating the files, is
>there a secure way to automatically verify that each one is authentic?
> For example, could there be one public signature that the user could
>download. And then when the app downloads a file and sees it was
>signed by another user, the app automatically downloads that user's
>public key, uses the master key to authenticate it. Or is there a
>gaping hole in this plan, that I am missing? Is there a better way of
>handling, say hundreds of signatures?
Perhaps what you're looking for are trust signatures...
More information about the Gnupg-devel