Can you use one key to authenticate another key automatically?

Christoph Anton Mitterer cam at
Tue Feb 14 18:24:29 CET 2006

J. Scott Edwards wrote:

>I am working on an app that has hundreds of thousands of files stored
>on a server.  I am planning to have an detached signature for each, to
>insure that they are the originals when they are read by the client
>The question is, if there are multiple people creating the files, is
>there a secure way to automatically verify that each one is authentic?
> For example, could there be one public signature that the user could
>download.  And then when the app downloads a file and sees it was
>signed by another user, the app automatically downloads that user's
>public key, uses the master key to authenticate it.  Or is there a
>gaping hole in this plan, that I am missing?  Is there a better way of
>handling, say hundreds of signatures?
Perhaps what you're looking for are trust signatures...


More information about the Gnupg-devel mailing list