gnupg clearsigning question

Kenneth Finnegan kennethfinnegan2007 at
Thu Dec 28 06:44:46 CET 2006

It would add the requirement that he had control of his PGP key, but a
smarter thing to do would be to just encrypt his TrueCrypt volume with
PGP.  Same effect with a lot less pain.

But at some point you really need to face when the encryption is
overkill relative to the security needed.

Kenneth Finnegan
     Webmaster -
     AIM: PhirePyro
     Yahoo: KennethFinnegan2007 at
     MSN: KennethFinnegan2007 at
     Skype: kenneth.finnegan
     PGP: 0xF969DD2D

David Shaw wrote:
> On Wed, Dec 27, 2006 at 01:25:34PM -0500, vedaal at wrote:
>> is it possible to construct a gnupg signature that is the same each 
>> time
>> for the same file (and same signing key and hash ) ?
>> would like to do something like this for use as a truecrypt keyfile:
>> the truecrypt volume is on a usb drive,
>> the outer volume would contain the gnupg keyrings,
>> the rest of the usb drive contains miscellenaous files,
>> one of these is used for a keyfile for the outer volume,
>> now,
>> what i would like to do,
>> is clearsign one of the many textfiles on the usb,
>> and use that clearsigned textfile as a keyfile for the hidden volume
>> the problem is,
>> that this changes each time it is signed ;-(((
>> is the only reason it changes because of the timestamp?
>> (and then would just resetting the computer clock to time time of 
>> the original signing work?
>> assuming it would be set to a minute or so before, and signed 
>> repeatedly until the timestamp was right to the second)
>> if the timestamp is the only thing making the signature different,
>> would it be possible to request a feature option where the 
>> timestamp is omitted?
>> (this wouldn't affect open-pgp compatibility)
> DSA signatures contain random data, so even if you hacked around the
> timestamp problem, the signature would not match.  RSA signatures do
> not contain random data.
> However, even if you managed to do this with an RSA key, why on earth
> would you want to construct such a massively convoluted way, involving
> hacking around the clock on your computer, just to generate a key that
> would be not good as a simple file with random numbers in it would be?
> Why create complications when the simple answer is both easier and
> more secure?
> David
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at

More information about the Gnupg-users mailing list