Generate digest and signature seperately
Kerrick Staley
mail at kerrickstaley.com
Mon Jun 13 01:00:06 CEST 2011
On Sun, Jun 12, 2011 at 5:37 PM, Jerome Baum <jerome at jeromebaum.com> wrote:
>
> On Sun, Jun 12, 2011 at 23:15, Kerrick Staley <mail at kerrickstaley.com> wrote:
> > Is it possible to generate the digest for a file, and then create the
> > signature from that digest later?
>
> Problem is, you don't know what you're signing.
I realize that this is a problem; however, it considered to be an
acceptable risk. The same problem happens if the developers sign a
SHA512 of the database. The only way for developers to verify the
database is to copy it to their computer, but this is considered to be
too much of a hassle.
-Kerrick Staley
More information about the Gnupg-users
mailing list