Support for signature-from-message-digest

Werner Koch wk at gnupg.org
Fri Oct 2 08:29:02 CEST 2015


On Thu,  1 Oct 2015 23:45, pde-lists at eff.org said:
> Sometimes it is useful to be able to produce detached signatures on files
> given only the file's message digest as an input.  We've been able to get
> this to work with openssl / smime signatures, but are wondering if there
> would be an easy way of getting gpg to accept a message digest as an input
> file, rather than trying to compute it from the input file?

We got this request several times in the last decade.  However, it is
not easy to do because OpenPGP hashes some extra bytes and thus you
would need to take a snapshot of the message digest before it has been
finalized.  This is not easy because it requires marshaling to be
platform independent.

The good news is that you do not need it anymore because since 2.1 you
can use ssh to run gpg on the remote machine while keeping the private
key and the signing operation on your local box.  (See gpg-agent's
--extra-socket option)


Shalom-Salam,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.
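
The "extra bytes" point above, as an added example that is not part of the original message or of GnuPG's code: a sketch of what a v4 signature over a binary document hashes per RFC 4880 section 5.2.4, showing that the signed value depends on the unfinalized hash state rather than on the finished file digest. The sample document, the timestamp, the RSA/SHA-256 choice and the single hashed subpacket are assumptions made for illustration.

```python
import hashlib
import struct

SIG_BINARY, PK_RSA, HASH_SHA256 = 0x00, 0x01, 0x08  # RFC 4880 registry values

def trailing_bytes(created: int, sig_type: int = SIG_BINARY,
                   pk_algo: int = PK_RSA, hash_algo: int = HASH_SHA256) -> bytes:
    """Bytes OpenPGP hashes after the document for a v4 signature."""
    # Simplification: the only hashed subpacket is creation time (type 2).
    subpackets = b"\x05\x02" + struct.pack(">I", created)
    hashed_part = (bytes([4, sig_type, pk_algo, hash_algo])
                   + struct.pack(">H", len(subpackets)) + subpackets)
    # Final trailer: version 4, 0xFF, big-endian length of hashed_part.
    return hashed_part + b"\x04\xff" + struct.pack(">I", len(hashed_part))

def signed_digest(data: bytes, created: int) -> bytes:
    """Digest that the private key actually signs."""
    h = hashlib.sha256(data)
    h.update(trailing_bytes(created))
    return h.digest()

def document_state(data: bytes):
    """Unfinalized hash state after the document: the 'snapshot' needed."""
    return hashlib.sha256(data)

def finish_from_state(state, created: int) -> bytes:
    """Complete a signature digest from a snapshot of the hash state."""
    h = state.copy()  # works in-process only; not a portable serialization
    h.update(trailing_bytes(created))
    return h.digest()

if __name__ == "__main__":
    doc = b"constructed sample document\n"
    created = 1443767342  # constructed timestamp
    print("file digest  :", hashlib.sha256(doc).hexdigest())
    print("signed digest:", signed_digest(doc, created).hexdigest())
    print("from snapshot:",
          finish_from_state(document_state(doc), created).hexdigest())
```
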



