Generate digest and signature separately

Kerrick Staley mail at kerrickstaley.com
Sun Jun 12 23:15:04 CEST 2011


Hello,
Is it possible to generate the digest for a file, and then create the
signature from that digest later?

I'm making this inquiry because developers for the Arch Linux distribution
need a way to sign databases (lists of software packages) on the central
repository (package server) without having to copy those repositories to
their local computer and back. There is the option of hashing the databases
and signing the hash, but this introduces additional complexity which
shouldn't be necessary. Another option is copying secret keys to the server,
but this is a bad idea because all developers' keys would need to be revoked
in the event that the server is compromised; key revocation would be a huge
hassle which would be compounded with the need to audit the server's
security.

So, being able to separate the generation of digests and the generation of
signatures would be very useful, but I cannot find documentation anywhere on
how to do this. Can anyone help?

Thanks,
Kerrick Staley
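
The "hash the databases and sign the hash" option mentioned in the message, sketched as an added example (not part of the original post, and not Arch Linux's or GnuPG's own tooling): the server hashes the database, the developer signs only the small manifest locally, and a client checks both the signature and the digest. The function names and the `<db>.sha256` / `.asc` file naming are assumptions.

```shell
#!/usr/bin/env bash
# Added example; function names and the "<db>.sha256" naming are assumptions.

# Server side: hash the database in place. No secret key is needed here.
make_manifest() {               # usage: make_manifest <dir> <db-file>
    ( cd "$1" && sha256sum "$2" > "$2.sha256" )
}

# Developer side: fetch only the small manifest, then sign it locally.
# The secret key never leaves the developer's machine.
sign_manifest() {               # usage: sign_manifest <manifest>
    gpg --armor --output "$1.asc" --detach-sign "$1"
}

# Client side, step 1: the manifest must name the requested database and
# the database must hash to the recorded digest.
check_manifest() {              # usage: check_manifest <dir> <db-file>
    (
        cd "$1" || exit 1
        # Reject a manifest that was made for a different file.
        [ "$(awk '{print $2}' "$2.sha256")" = "$2" ] || exit 1
        sha256sum -c "$2.sha256" >/dev/null 2>&1
    )
}

# Client side, step 2: trust the database only if the signature over the
# manifest verifies AND the digest check passes.
verify_db() {                   # usage: verify_db <dir> <db-file>
    gpg --verify "$1/$2.sha256.asc" "$1/$2.sha256" && check_manifest "$1" "$2"
}
```

The signature covers only the manifest, so a client that verifies the signature but skips `check_manifest` has verified nothing about the database itself.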

More information about the Gnupg-users mailing list