gnupg clearsigning question

Kenneth Finnegan kennethfinnegan2007 at gmail.com
Thu Dec 28 06:44:46 CET 2006


It would add the requirement that he had control of his PGP key, but a
smarter thing to do would be to just encrypt his TrueCrypt volume with
PGP.  Same effect with a lot less pain.

But at some point you really need to face when the encryption is
overkill relative to the security needed.

Kenneth Finnegan
     Webmaster - http://ducttape.pbwiki.com/
     AIM: PhirePyro
     Yahoo: KennethFinnegan2007 at yahoo.com
     MSN: KennethFinnegan2007 at yahoo.com
     Skype: kenneth.finnegan
     PGP: 0xF969DD2D

David Shaw wrote:
> On Wed, Dec 27, 2006 at 01:25:34PM -0500, vedaal at hush.com wrote:
>> is it possible to construct a gnupg signature that is the same each time
>> for the same file (and same signing key and hash ) ?
>>
>> would like to do something like this for use as a truecrypt keyfile:
>>
>> the truecrypt volume is on a usb drive,
>> the outer volume would contain the gnupg keyrings,
>> the rest of the usb drive contains miscellaneous files,
>> one of these is used for a keyfile for the outer volume,
>>
>> now,
>> what i would like to do,
>> is clearsign one of the many textfiles on the usb,
>> and use that clearsigned textfile as a keyfile for the hidden volume
>>
>>
>> the problem is,
>> that this changes each time it is signed ;-(((
>>
>> is the only reason it changes because of the timestamp?
>> (and then would just resetting the computer clock to the time of
>> the original signing work?
>> assuming it would be set to a minute or so before, and signed
>> repeatedly until the timestamp was right to the second)
>>
>> if the timestamp is the only thing making the signature different,
>> would it be possible to request a feature option where the
>> timestamp is omitted?
>> (this wouldn't affect open-pgp compatibility)
> 
> DSA signatures contain random data, so even if you hacked around the
> timestamp problem, the signature would not match.  RSA signatures do
> not contain random data.
> 
> However, even if you managed to do this with an RSA key, why on earth
> would you want to construct such a massively convoluted way, involving
> hacking around the clock on your computer, just to generate a key that
> would not be as good as a simple file with random numbers in it would be?
> 
> Why create complications when the simple answer is both easier and
> more secure?
> 
> David
> 
> 
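
The two points made in the quoted reply (the creation time is part of what gets signed, and DSA adds random data where RSA does not), as an added example that is not part of the original thread and is not GnuPG code. The keys and group parameters are constructed toys, digest() is a simplified stand-in for OpenPGP's signature hashing, and all function names are hypothetical.

```python
import hashlib
import secrets

# Constructed toy keys for illustration only (far too weak for real use).
P1, P2 = 2**521 - 1, 2**607 - 1            # two Mersenne primes
N, E = P1 * P2, 65537                      # toy RSA public key
D = pow(E, -1, (P1 - 1) * (P2 - 1))        # toy RSA private exponent
Q = 2**127 - 1                             # prime order of the DSA subgroup
P = next(p for p in (2 * j * Q + 1 for j in range(1, 10**6))
         if all(pow(b, p - 1, p) == 1 for b in (2, 3, 5, 7)))  # probable prime
G = next(g for g in (pow(h, (P - 1) // Q, P) for h in range(2, 50)) if g != 1)
X = 0x1234567890ABCDEF                     # toy DSA private key
DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")  # SHA-256


def digest(data, created):
    """Hash the data together with the signature creation time."""
    return hashlib.sha256(data + created.to_bytes(4, "big")).digest()


def rsa_sign(data, created):
    """RSA with PKCS#1 v1.5 padding: nothing random goes into the result."""
    k = (N.bit_length() + 7) // 8
    t = DIGESTINFO + digest(data, created)
    em = b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
    return pow(int.from_bytes(em, "big"), D, N)


def dsa_sign(data, created):
    """DSA: a fresh random nonce k is drawn for every signature."""
    h = int.from_bytes(digest(data, created), "big") % Q  # toy reduction
    while True:
        k = secrets.randbelow(Q - 1) + 1
        r = pow(G, k, P) % Q
        s = pow(k, -1, Q) * (h + X * r) % Q
        if r and s:
            return r, s


def dsa_verify(data, created, sig):
    """Check a DSA signature against the toy public key G^X mod P."""
    r, s = sig
    h = int.from_bytes(digest(data, created), "big") % Q
    w = pow(s, -1, Q)
    return pow(G, h * w % Q, P) * pow(pow(G, X, P), r * w % Q, P) % P % Q == r
```

Signing the same bytes twice with the same creation time gives identical rsa_sign output and two different, equally valid dsa_sign outputs; changing the creation time by one second changes both.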


