gnupg clearsigning question
kennethfinnegan2007 at gmail.com
Thu Dec 28 06:44:46 CET 2006
It would add the requirement that he had control of his PGP key, but a
smarter thing to do would be to just encrypt his TrueCrypt volume with
PGP. Same effect with a lot less pain.
But at some point you really need to face when the encryption is
overkill relative to the security needed.
Webmaster - http://ducttape.pbwiki.com/
Yahoo: KennethFinnegan2007 at yahoo.com
MSN: KennethFinnegan2007 at yahoo.com
David Shaw wrote:
> On Wed, Dec 27, 2006 at 01:25:34PM -0500, vedaal at hush.com wrote:
>> is it possible to construct a gnupg signature that is the same each
>> for the same file (and same signing key and hash ) ?
>> would like to do something like this for use as a truecrypt keyfile:
>> the truecrypt volume is on a usb drive,
>> the outer volume would contain the gnupg keyrings,
>> the rest of the usb drive contains miscellenaous files,
>> one of these is used for a keyfile for the outer volume,
>> what i would like to do,
>> is clearsign one of the many textfiles on the usb,
>> and use that clearsigned textfile as a keyfile for the hidden volume
>> the problem is,
>> that this changes each time it is signed ;-(((
>> is the only reason it changes because of the timestamp?
>> (and then would just resetting the computer clock to time time of
>> the original signing work?
>> assuming it would be set to a minute or so before, and signed
>> repeatedly until the timestamp was right to the second)
>> if the timestamp is the only thing making the signature different,
>> would it be possible to request a feature option where the
>> timestamp is omitted?
>> (this wouldn't affect open-pgp compatibility)
> DSA signatures contain random data, so even if you hacked around the
> timestamp problem, the signature would not match. RSA signatures do
> not contain random data.
> However, even if you managed to do this with an RSA key, why on earth
> would you want to construct such a massively convoluted way, involving
> hacking around the clock on your computer, just to generate a key that
> would be not good as a simple file with random numbers in it would be?
> Why create complications when the simple answer is both easier and
> more secure?
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
More information about the Gnupg-users