[PATCH] Distant signatures

Marcus Brinkmann Marcus.Brinkmann at ruhr-uni-bochum.de
Wed Jul 3 07:16:03 CEST 2002


On Wed, Jul 03, 2002 at 05:34:00AM +0200, Petr Baudis wrote:
>   This is very useful in i.e. this scenario: on server A, you have a huuuge file
> and on server B, you have your private key and you would like to sign the file from
> server A with it, but you don't want to download the file from server A to
> server B, and you don't trust server A enough to transfer your private key
> there.

If you don't trust server A, how can you be sure that the generated hash is
really the one you want to sign?  The problem with a detached signature like
the one you described is that you don't know what you sign if you can't
verify the hash on the trusted system.  I think this approach is
fundamentally flawed.

OTOH, even if you trust A, you may not trust the communication channel (it
could be sniffed), and then detached signatures are useful again (as long as
the communication channel can only be inspected and not be used for a
man-in-the-middle attack), because it allows you to avoid moving the secret key
data.

In the real world, your security requirements might not be as strict as
described above.  Still, I think this feature is somewhat dangerous.

Thanks,
Marcus


-- 
`Rhubarb is no Egyptian god.' Debian http://www.debian.org brinkmd at debian.org
Marcus Brinkmann              GNU    http://www.gnu.org    marcus at gnu.org
Marcus.Brinkmann at ruhr-uni-bochum.de
http://www.marcus-brinkmann.de



