Verifying signcrypted data with detached signature/ Setting
Hash for verify
Werner Koch
wk at gnupg.org
Fri Feb 27 11:05:28 CET 2004
On Wed, 25 Feb 2004 10:31:08 -0800 (PST), Harakiri said:
> when i try to verify signcrypted data which has a
> detached signature gpg always ask for a DATA file.
signed+encrypted data is different from detached signature. gpg does
not interpret the data inside a OpenPGP message. Thus if you want to
have detached signature and a data file inside an OpenPGP message, you
must first pack those 2 files into some kind of archive and the apply
the other signature and encryption.
> Now i dont have this file yet (obviously) since the
> decrypt process is not finished yet.
Hmm, I don't undertsand what you are going to achieve.
> Why is gpg unable to handle detached signatures
> without the --output param. Also, can i save the *.sig
gpg --verify foo.sig foo
works fine for everyone, why do you want to output something for a
detached signature?
> Finally, is it possibily to specify a HASH ALG (i.e.
> SHA1) while verifying - for example if the header of a
According to OpenPGP, a missing Hash header means MD5. In theory we
could setup hash context for all avaibale algorithms but this is slow
and it is far easier to a add a "Hash: SHA1" line to the message if
you somehow got a crippled message.
Werner
More information about the Gnupg-devel
mailing list