--clearsign with file containing --

Ingo Klöcker ingo.kloecker@epost.de
Wed Mar 19 00:35:03 2003


On Tuesday 18 March 2003 19:31, 5468696A6D656E wrote:
> Only problem left is how I can know which hash is used when I
> execute --detach-sign.
> Using --status-fd does not show the hash either.
>
> Only thing I can think of is this:
> gpg -a --clearsign -o output input
> (get the used hash from the Hash: header)
> gpg -a --detach-sign -o output input
> (use hash, input and output to construct an RFC 3156 signature)
>
> Am I missing something obvious to make this easier?

Well, I guess that you can get the hash that is used from the
corresponding bits in the signature. In clearsigned messages the hash
is mentioned at the start of the clearsigned message so that gpg only
needs to parse the clearsigned message once. The hash is mentioned
because the signature is at the end of the clearsigned message.

With detached signatures the Hash: header isn't necessary since the
detached signature (which contains info about the hash algorithm that
was used) is known to gpg before it starts to verify the signature.

I guess you know that you have to replace all line endings with CRLF
before you create the detached signature if you want to create an RFC
3156 compliant message. Furthermore the signed data must not contain
any non-ASCII characters (i.e. you must probably encode the
to-be-signed data).

Regards,
Ingo
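
The following added example (not part of the original message and not GnuPG code) reads the hash algorithm octet from an ASCII-armored detached signature and maps it to a micalg value for an RFC 3156 Content-Type header. It goes beyond the message by handling both v3 and v4 signature packets; the function names, the micalg strings for the SHA-2 family and the sample packet are assumptions constructed for illustration.

```python
import base64
# OpenPGP hash algorithm IDs (RFC 4880, section 9.4) mapped to micalg values.
MICALG = {1: "pgp-md5", 2: "pgp-sha1", 3: "pgp-ripemd160", 8: "pgp-sha256",
          9: "pgp-sha384", 10: "pgp-sha512", 11: "pgp-sha224"}

def dearmor(armored):
    """Decode an ASCII-armored block (minus CRC and END lines) to packet bytes."""
    lines = [ln.strip() for ln in armored.strip().splitlines()]
    body = lines[lines.index("") + 1:]      # armor headers end at the blank line
    return base64.b64decode("".join(
        ln for ln in body if not ln.startswith(("=", "-----"))))

def signature_body(data):
    """Return the body of the first packet, which must be a signature (tag 2)."""
    first = data[0]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet")
    if first & 0x40:                        # new-format header
        tag, l0 = first & 0x3F, data[1]
        if l0 < 192:
            start, length = 2, l0
        elif l0 < 224:
            start, length = 3, ((l0 - 192) << 8) + data[2] + 192
        elif l0 == 255:
            start, length = 6, int.from_bytes(data[2:6], "big")
        else:
            raise ValueError("partial body lengths are not handled")
    else:                                   # old-format header
        tag, ltype = (first >> 2) & 0x0F, first & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length is not handled")
        n = 1 << ltype                      # 1, 2 or 4 length octets
        start, length = 1 + n, int.from_bytes(data[1:1 + n], "big")
    if tag != 2:
        raise ValueError("first packet is not a signature packet")
    return data[start:start + length]

def micalg_from_signature(armored):
    body = signature_body(dearmor(armored))
    # Hash octet offset: 16 in v3 (after time, key ID, pubkey algo), 3 in v4.
    offset = {3: 16, 4: 3}.get(body[0])
    if offset is None:
        raise ValueError("unsupported signature version %d" % body[0])
    return MICALG.get(body[offset], "unknown-hash-%d" % body[offset])

# Constructed sample: v3 DSA/SHA-1 packet cut off after the hash octet.
SAMPLE = ("-----BEGIN PGP SIGNATURE-----\n\n" + base64.b64encode(
    bytes([0x88, 17, 3, 5, 0]) + bytes(12) + bytes([17, 2])).decode()
    + "\n-----END PGP SIGNATURE-----\n")
```

Calling `micalg_from_signature()` on the output of `gpg -a --detach-sign` avoids the extra `--clearsign` run described in the quoted question.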

