encrypting and signing for pgp2
Holger Schurig
holger@holger.om.org
Mon, 12 Jul 1999 22:10:13 +0200
Werner suggested:
> > 1. create the signed file
> > 2. cut off the signature and move it to the begin
> > 3. encrypt this file
>
Michael replied:
> 1. Read all data from stdin and write it to a tempfile.
> 2. Sign the tempfile.
> 3. Encrypt the signed file.
Both schemes would encrypt the signature itself. Is this really the case
with PGP2 ? I thought not after having a quick look into
/var/doc/pgp-2.6.3i-1/pgformat.doc.
So if the signature is not signed then obiously pgp2 has to make two runs
over the input file. In the case of a file this would work without a temp
file, but if the data comes from a non-seekable source, one would have to
use a temp file (or assume that the file is never bigger than available
memory which seems not to be a valid assumption).
--
Holger Schurig | Die Botschaft vom Kreuz ist dem
Renzstr. 31 | Unglaeubigen eine Torheit.
74821 Mosbach | 1. Korinther 1:18