Detached Signature / Timestapm

skl99999 at skl99999 at
Mon Feb 2 18:25:38 CET 2009


is there a possibility to have gpg2 make a detached cleartext signature? I only seem to be able to have it do either the one or the other.

And the more complex follow on question for all the crypto experts out there: the reason why I want to do that is because I would like to timestamp some files, eg using Now my thought was that I do not really send the file itself (which might be rather big) but that I could sign the file and then timestamp the signature. Would this be enough (1), and would it matter if the password of my signature key would become compromised (2)? May guess is (1) yes, (2) no because I am really only making use of the hashing algorithm, and indeed I also could simply timestamp a hash (is this true?).

The reason that I want to to have a timestamped detached cleartext signature is that I believe that this is a bit more stable than a timestamped detached signature of a binary - views on this?


More information about the Gnupg-users mailing list