Generate digest and signature seperately
mail at kerrickstaley.com
Mon Jun 13 01:00:06 CEST 2011
On Sun, Jun 12, 2011 at 5:37 PM, Jerome Baum <jerome at jeromebaum.com> wrote:
> On Sun, Jun 12, 2011 at 23:15, Kerrick Staley <mail at kerrickstaley.com> wrote:
> > Is it possible to generate the digest for a file, and then create the
> > signature from that digest later?
> Problem is, you don't know what you're signing.
I realize that this is a problem; however, it considered to be an
acceptable risk. The same problem happens if the developers sign a
SHA512 of the database. The only way for developers to verify the
database is to copy it to their computer, but this is considered to be
too much of a hassle.
More information about the Gnupg-users