--clearsign with file containing --

Ingo Klöcker ingo.kloecker@epost.de
Wed Mar 19 00:35:03 2003

On Tuesday 18 March 2003 19:31, 5468696A6D656E wrote:
> Only problem left is how I can know which hash is used when I
> execute --detach-sign.
> Using --status-fd does not show the hash either.
> Only thing I can think of is this:
> gpg -a --clearsign -o output input
> (get the used hash from the Hash: header)
> gpg -a --detach-sign -o output input
> (use hash, input and output to construct an RFC 3156 signature)
> Am I missing something obvious to make this easier?

Well, I guess that you can get the hash that is used from the
corresponding bits in the signature. In clearsigned messages the hash
is mentioned at the start of the clearsigned message so that gpg only
needs to parse the clearsigned message once. The hash is mentioned
because the signature is at the end of the clearsigned message.

With detached signatures the Hash: header isn't necessary since the
detached signature (which contains info about the hash algorithm that
was used) is known to gpg before it starts to verify the signature.

I guess you know that you have to replace all line endings with CRLF
before you create the detached signature if you want to create an RFC
3156 compliant message. Furthermore the signed data must not contain
any non-ASCII characters (i.e. you must probably encode the
to-be-signed data).


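Added example, not part of the original message: one way to read the hash algorithm out of an armored detached signature and turn it into the RFC 3156 `micalg` value ("pgp-" plus the lower-case hash name), so the extra --clearsign run is not needed. The function names and the sample packet are constructed for illustration; the armor checksum is not verified, and only the first packet of a v3 or v4 signature is inspected.

```python
import base64

# OpenPGP hash algorithm IDs (RFC 4880, section 9.4) -> micalg suffix
HASH_NAMES = {1: "md5", 2: "sha1", 3: "ripemd160", 8: "sha256",
              9: "sha384", 10: "sha512", 11: "sha224"}

def dearmor(text):
    """Decode an ASCII-armored signature; the CRC line is skipped, not verified."""
    lines = [l.strip() for l in text.strip().splitlines()]
    body = lines[lines.index("-----BEGIN PGP SIGNATURE-----") + 1:
                 lines.index("-----END PGP SIGNATURE-----")]
    body = body[body.index("") + 1:]   # armor headers end at the first blank line
    return base64.b64decode("".join(l for l in body if not l.startswith("=")))

def first_packet(data):
    """Return (tag, body) of the first packet, old or new header format."""
    first = data[0]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet")
    if first & 0x40:                                   # new-format header
        tag, l0 = first & 0x3F, data[1]
        if l0 < 192:
            hdr, length = 2, l0
        elif l0 < 224:
            hdr, length = 3, ((l0 - 192) << 8) + data[2] + 192
        else:
            raise ValueError("length form not handled in this example")
    else:                                              # old-format header
        tag, ltype = (first >> 2) & 0x0F, first & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not handled")
        hdr = 1 + (1 << ltype)
        length = int.from_bytes(data[1:hdr], "big")
    return tag, data[hdr:hdr + length]

def micalg_from_signature(armored):
    """Return the RFC 3156 micalg value for a detached signature."""
    tag, body = first_packet(dearmor(armored))
    if tag != 2:
        raise ValueError("first packet is not a signature packet")
    # v3: hash ID follows type, time, key ID, pubkey algo; v4: it is the 4th octet
    offset = {3: 16, 4: 3}.get(body[0])
    if offset is None:
        raise ValueError("unsupported signature version %d" % body[0])
    return "pgp-" + HASH_NAMES[body[offset]]

# Constructed sample (not a real signature): old-format header, v4, DSA, SHA-1
ARMOR = "-----BEGIN PGP SIGNATURE-----\nVersion: example\n\n%s\n-----END PGP SIGNATURE-----\n"
SAMPLE = ARMOR % base64.b64encode(bytes([0x88, 10, 4, 0, 17, 2, 0, 0, 0, 0, 0xAB, 0xCD])).decode()
```

Calling `micalg_from_signature()` on the output of `gpg -a --detach-sign` gives the value for the `micalg` parameter of the multipart/signed Content-Type header.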