--clearsign with file containing --
Wed Mar 19 00:35:03 2003
On Tuesday 18 March 2003 19:31, 5468696A6D656E wrote:
> Only problem left is how I can know which hash is used when I
> execute --detach-sign.
> Using --status-fd does not show the hash either.
> Only thing I can think of is this:
> gpg -a --clearsign -o output input
> (get the used hash from the Hash: header)
> gpg -a --detach-sign -o output input
> (use hash, input and output to construct an RFC 3156 signature)
> Am I missing something obvious to make this easier?
Well, I guess that you can get the hash that is used from the
corresponding bits in the signature. In clearsigned messages the hash
is mentioned at the start of the clearsigned message so that gpg only
needs to parse the clearsigned message once. The hash is mentioned
because the signature is at the end of the clearsigned message.
With detached signatures the Hash: header isn't necessary since the
detached signature (which contains info about the hash algorithm that
was used) is known to gpg before it starts to verify the signature.
I guess you know that you have to replace all line endings with CRLF
before you create the detached signature if you want to create an RFC
3156 compliant message. Furthermore the signed data must not contain
any non-ASCII characters (i.e. you must probably encode the
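Reading the hash algorithm from the detached signature itself, as the reply suggests, shown here as an added Python example that is not part of the original message. The function names are this example's own, the `pgp-sha256` and later values follow the "pgp-" plus algorithm name convention for identifiers defined after RFC 3156, and the sample packets are constructed.

```python
import base64
# OpenPGP hash algorithm IDs -> micalg parameter of multipart/signed.
MICALG = {1: "pgp-md5", 2: "pgp-sha1", 3: "pgp-ripemd160", 8: "pgp-sha256",
          9: "pgp-sha384", 10: "pgp-sha512", 11: "pgp-sha224"}

def dearmor(text):
    """Decode ASCII armor, dropping armor headers and the "=" CRC-24 line."""
    lines = [line.strip() for line in text.strip().splitlines()]
    body = lines[lines.index("-----BEGIN PGP SIGNATURE-----") + 1:
                 lines.index("-----END PGP SIGNATURE-----")]
    if "" in body:  # armor headers (Version: ...) end at the blank line
        body = body[body.index("") + 1:]
    return base64.b64decode("".join(ln for ln in body if not ln.startswith("=")))

def first_packet(data):
    """Return (tag, body) of the first OpenPGP packet in data."""
    hdr = data[0]
    if not hdr & 0x80:
        raise ValueError("not an OpenPGP packet")
    if hdr & 0x40:  # new-format header
        tag, o1 = hdr & 0x3F, data[1]
        if o1 < 192:
            pos, length = 2, o1
        elif o1 < 224:
            pos, length = 3, ((o1 - 192) << 8) + data[2] + 192
        elif o1 == 255:
            pos, length = 6, int.from_bytes(data[2:6], "big")
        else:
            raise ValueError("partial body length not supported")
    else:  # old-format header: low two bits select a 1, 2 or 4 byte length
        tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
        if n == 8:
            raise ValueError("indeterminate length not supported")
        pos, length = 1 + n, int.from_bytes(data[1:1 + n], "big")
    return tag, data[pos:pos + length]

def micalg_of(signature):
    """micalg value for a detached signature (armored str or raw bytes)."""
    if isinstance(signature, str):
        signature = dearmor(signature)
    tag, body = first_packet(signature)
    if tag != 2:
        raise ValueError("first packet is not a signature packet")
    # Hash algorithm octet: index 3 in a v4 body, index 16 in a v2/v3 body.
    return MICALG[body[{4: 3, 3: 16, 2: 16}[body[0]]]]

# Constructed sample packets: header fields only, no real signature MPIs.
SAMPLE_V4 = bytes([0x88, 10, 4, 0, 17, 2, 0, 0, 0, 0, 0xAB, 0xCD])
SAMPLE_V3 = bytes([0x88, 19, 3, 5, 1]) + bytes(12) + bytes([17, 3, 0xAB, 0xCD])
```

Passing the contents of the file written by `gpg -a --detach-sign` to `micalg_of` gives the value for the `micalg` parameter without a separate `--clearsign` run.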