[PATCH] Distant signatures

Werner Koch wk at gnupg.org
Wed Jul 3 10:36:02 CEST 2002

On Wed, 3 Jul 2002 06:16:42 +0200, Marcus Brinkmann said:

> If you don't trust server A, how can you be sure that the generated hash is
> really the one you want to sign?  The problem with a detached signature like
> the one you described is that you don't know what you sign if you can't
> verify the hash on the trusted system.  I think this approach is
> fundamentally flawed.

There are situations where this can really come handy and I have
thought about this for a while: I keep my certification key (5B0358a2)
offline and use it only on a floppy-only-connected laptop.  From time
to time some folks send me a challenge I should sign; there is no
standard format for it and thus I have to go into great length to
process the mail offline.  It would be far easier to create the
required hash on my normal machine and transfer this hash along with
the other keys I am going to sign to the laptop, later on pasting the
created signature back into the response.

Similar to Petr's requirement, one might want to sign a new package
which does not fit onto a floppy (think of gcc) but still keep the
signing key at a safer place.  Yes, this does not make the signature
in anyway safer but it protect the signing key better against

> In real world, your security requirements might not be as strict as
> described above.  Still, I think this feature is somewhat dangerous.

There are also a lot of other dangerous features which could do a lot
of harm if used by the unaware, so another expert option would be
okay.  We might implement this later but not for 1.2



More information about the Gnupg-devel mailing list