Generate digest and signature seperately

Kerrick Staley mail at
Mon Jun 13 01:00:06 CEST 2011

On Sun, Jun 12, 2011 at 5:37 PM, Jerome Baum <jerome at> wrote:
> On Sun, Jun 12, 2011 at 23:15, Kerrick Staley <mail at> wrote:
> > Is it possible to generate the digest for a file, and then create the
> > signature from that digest later?
> Problem is, you don't know what you're signing.

I realize that this is a problem; however, it considered to be an
acceptable risk. The same problem happens if the developers sign a
SHA512 of the database. The only way for developers to verify the
database is to copy it to their computer, but this is considered to be
too much of a hassle.

-Kerrick Staley

More information about the Gnupg-users mailing list