WARNING: signature digest conflict in message ?

Brian Candler B.Candler at pobox.com
Thu Sep 25 21:17:25 CEST 2008


On Thu, Sep 25, 2008 at 04:03:47PM +0200, Matija Nalis wrote:
> That is indeed very reasonable (I didn't think of big non-seekable
> stream and was hoping for 2-pass or buffer) and obviously the right
> way to do it, not to mention conforming to RFC.
> 
> (although as alternative it might also sequentially generate all
> supported hashes as it goes, and then drop the unneeded ones; but
> this would also be an inexcusable waste of resources)

I wonder if in principle another option would be to take the clearsigned
message, reformat it as message plus detached signature, and then process
that. (This could be done in one pass, and then the actual verification
would be a second pass)

These might be useful transformations, but I don't know if there are
existing tools to do them:

    signed message <------------> message + detached signature

    clearsigned message <-------> message + detached signature

I'd be interested in knowing if they do exist.

Regards,

Brian.



More information about the Gnupg-devel mailing list