dshaw at jabberwocky.com
Fri Jun 18 15:25:44 CEST 2010
> On Jun 17, 2010, at 11:33 PM, Boris wrote:
> > Hi,
> > I would like to know if there is a way to add multiple signatures for a file (in a separate file) and check who signed with just one command (so not by signing a signed file...).
> gpg -u signer_1 -u signer_2 -u signer_3 --detach-sign file-to-sign
> You'll end up with a file-to-sign.sig that contains all three signatures. When you verify file-to-sign.sig, all three signatures will be checked.
> Alternately, you can do the same "multiple signer" trick with regular --sign if you want the data and signatures to be put together into a single file.
On Jun 18, 2010, at 9:14 AM, Boris wrote:
> Ok, Thanks David,
> But what if the file is signed by people working on different computers?
> So they will had their signature on the current separate file (correesponding to the people who already signed a specific file).
If you want a bunch of people all signing the same file, have each signer do this:
gpg -u signer-X -o signer-X-signature --detach-sign file-to-sign
Then have them all send you their "file-to-sign.sig" files. You create a file containing all of them:
cat signer-1-signature signer-2-signature signer-3-signature > file-to-sign.sig
Then anyone can verify file-to-sign.sig against the original file-to-sign and see all the signatures verified.
More information about the Gnupg-users