Sign a lot of files

Zygo Blaxell fnn0yhmu@umail.furryterror.org
Thu, 24 Feb 2000 04:24:14 GMT


On Wed, 16 Feb 2000 20:40:58 +0100, Thomas Bader <thomasb@trash.net> wrote:

>I've got the following problem: I have a directory tree which should be
>shared to others via anonymous-ftp. How can I make a detached signature
>on all files in this directory tree without suplying my passphrase for
>each file to gpg?
>
>There might be a possibility to use "find" for my problem, but I
>couldn'f figure out how to use it. I tried gpg in conjunction with
>the option "--passphrase-fd 0" and I used "--exec gpg -ba {} < /tmp/pp"
>as an option for find, but gpg complained about a wrong passphrase
>(surely, I put the right passphrase in /tmp/pp).
>Eventually I tried "gpg -ba *" directly in the shell, but gpg signed
>only one file in the directory and ignored the other files in the
>directory (I'm using zsh as shell).
Depending on how the FTP server is used, an alternative is to make one big signed file that lists all the little files: find -type f -print0 | xargs -0 gpg --print-md sha1 > signatures.txt gpg -ba signatures.txt This would be more interesting to mirror operators than anyone else, but it provides a signed file that lists secure hashes of all the files on the FTP site. -- OpenPGP email preferred at <zblaxell@feedme.hungrycats.org>. OpenPGP key available on www.keyserver.net and other fine keyservers. OpenPGP fingerprint: 2B32 546D 21A5 0DB2 20C8 AF10 1D4A 610E 6972 2DEE