[PATCH] Allow signing of files which are not present on the system
Steven J. Murdoch
gnupg+Steven.Murdoch at cl.cam.ac.uk
Wed Jul 27 20:47:42 CEST 2011
On Wed, Jul 27, 2011 at 07:35:04PM +0200, Werner Koch wrote:
> On Wed, 27 Jul 2011 17:36, gnupg+Steven.Murdoch at cl.cam.ac.uk said:
> > My solution was to modify --print-md to output the intermediate state of the
> > hash calculation, after hashing the file but before finalizing the hash. Then I
> > modified --sign so that it will accept this intermediate state as input.
> That is exactly what I had in mind once when I was in need for such a
> feature. I never came around to implement it, though.
Good, I'm glad to see I was on the right track. There are some downsides though,
one being that I think the intermediate state is platform-specific (endianness
and sizeof int). Fixing this would I believe require changing all the hash
function implementations, whereas the current patch just copies contextsize
bytes and this works for all supported hash functions as far as I can tell.
> > The attached patch (on GnuPG 1.4.11) works, but needs some cleaning up before it
> > could be merged. My question is whether this feature would be considered for
> > acceptance by the GnuPG team?
> We would first need a copyright assignment to the FSF.
I'll look into this.
> Further I would like to have the user interface more similar to
> --show-session-key/--override-session-key. Maybe --show-md-state and
> --override-md-state where the first would also stop right before actually
> doing the signing.
That sounds like a fine idea. I'm not a GnuPG expert so was not sure what would
be the most consistent UI.
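
An added illustration of the approach discussed in this message (not part of the original email and not GnuPG code): a pure-Python SHA-1 whose intermediate state is exported after hashing the document and then resumed elsewhere to hash the data the signer appends before finalizing. The state is written as fixed-width big-endian fields instead of a raw copy of the context, which is one way around the endianness and sizeof int concern. SHA-1, the function names, the 29-byte header layout and the DOC and TRAILER sample values are assumptions made for this example.

```python
import struct

INIT = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)
M = 0xFFFFFFFF
DOC = b"constructed sample document\n" * 100   # constructed input
TRAILER = b"\x04\x00\x01\x02 constructed trailer"  # stand-in for signer-appended data

def _compress(h, block):  # one SHA-1 compression step over a 64-byte block
    w = list(struct.unpack(">16I", block))
    for i in range(16, 80):
        x = w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16]
        w.append(((x << 1) | (x >> 31)) & M)
    a, b, c, d, e = h
    for i in range(80):
        f, k = [((b & c) | (~b & d), 0x5A827999), (b ^ c ^ d, 0x6ED9EBA1),
                ((b & c) | (b & d) | (c & d), 0x8F1BBCDC), (b ^ c ^ d, 0xCA62C1D6)][i // 20]
        t = (((a << 5) | (a >> 27)) + f + e + k + w[i]) & M
        a, b, c, d, e = t, a, ((b << 30) | (b >> 2)) & M, c, d
    return tuple((x + y) & M for x, y in zip(h, (a, b, c, d, e)))

def update(state, data):
    # state is (chaining words, total bytes hashed, unprocessed tail)
    h, n, buf = state
    buf, n = buf + data, n + len(data)
    while len(buf) >= 64:
        h, buf = _compress(h, buf[:64]), buf[64:]
    return h, n, buf

def export_state(state):
    # Fixed-width big-endian fields: the same bytes on every platform.
    h, n, buf = state
    return struct.pack(">5IQB", *h, n, len(buf)) + buf

def import_state(blob):
    *h, n, blen = struct.unpack(">5IQB", blob[:29])
    buf = blob[29:]
    if blen != len(buf) or blen != n % 64:  # reject malformed or truncated state
        raise ValueError("inconsistent hash state")
    return tuple(h), n, buf

def finalize(state):
    n = state[1]
    pad = b"\x80" + b"\x00" * ((55 - n) % 64) + struct.pack(">Q", n * 8)
    return struct.pack(">5I", *update(state, pad)[0])

def split_hash(document, trailer):
    # Host A hashes the document and exports; host B resumes with the trailer.
    blob = export_state(update((INIT, 0, b""), document))
    return finalize(update(import_state(blob), trailer))
```

split_hash(DOC, TRAILER) equals hashlib.sha1(DOC + TRAILER).digest(), and the exported blob is at most 29 + 63 bytes regardless of the document size.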