Generate digest and signature separately
Werner Koch
wk at gnupg.org
Mon Jun 13 10:47:34 CEST 2011
On Sun, 12 Jun 2011 23:15, mail at kerrickstaley.com said:
> Is it possible to generate the digest for a file, and then create the
> signature from that digest later?
No, this is not possible. We once considered implementing such a
feature but dropped that plan. The technical problem is that with
OpenPGP you don't just sign a plain hash of the message but the hash of
a modified message (in text mode) and further the hash includes a few
magic bytes. Thus to implement such a feature we would need to do an
incomplete hash on the server and complete it on the client. It is
doable but would look ugly.

My suggestion is to sign the hash of the file; i.e. create a file with
the SHA-x digests on the remote box, download it and sign it on the
local box.
Salam-Shalom,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
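
Added example, not part of the original message and not GnuPG code: a sketch of the hash an OpenPGP v4 signature covers, following RFC 4880 section 5.2.4, showing the text-mode rewrite, the trailing bytes, and the server/client split described above. It assumes SHA-256, RSA, and a creation-time subpacket as the only hashed subpacket; all function names and sample values are constructed for illustration.

```python
import hashlib
import struct

SIG_BINARY, SIG_TEXT = 0x00, 0x01   # OpenPGP signature types
PK_RSA, HASH_SHA256 = 1, 8          # RFC 4880 algorithm ids (assumed choice)

def canonical_text(data: bytes) -> bytes:
    """Text-mode canonicalization: LF and CRLF line endings both become CRLF."""
    return b"\r\n".join(data.replace(b"\r\n", b"\n").split(b"\n"))

def creation_time_subpacket(ts: int) -> bytes:
    """Hashed subpacket: length 5, type 2 (creation time), 4-byte timestamp."""
    return bytes([5, 2]) + struct.pack(">I", ts)

def v4_trailer(sig_type: int, hashed_subpackets: bytes) -> bytes:
    """Bytes hashed after the message: signature fields, 0x04 0xFF, their length."""
    fields = (bytes([4, sig_type, PK_RSA, HASH_SHA256])
              + struct.pack(">H", len(hashed_subpackets)) + hashed_subpackets)
    return fields + b"\x04\xff" + struct.pack(">I", len(fields))

def remote_partial_hash(data: bytes, sig_type: int):
    """What a remote box could compute: a hash over the message only, unfinished."""
    body = canonical_text(data) if sig_type == SIG_TEXT else data
    return hashlib.sha256(body)

def complete_hash(partial, sig_type: int, ts: int) -> str:
    """What the signing box adds: the trailer, then finalization."""
    h = partial.copy()  # hashlib offers no way to serialize this state
    h.update(v4_trailer(sig_type, creation_time_subpacket(ts)))
    return h.hexdigest()

def signed_digest(data: bytes, sig_type: int, ts: int) -> str:
    """Digest that the signature algorithm is actually applied to."""
    return complete_hash(remote_partial_hash(data, sig_type), sig_type, ts)

if __name__ == "__main__":
    msg = b"line one\nline two\n"   # constructed sample input
    ts = 1307954854                 # constructed timestamp
    print("plain SHA-256:", hashlib.sha256(msg).hexdigest())
    print("binary sig   :", signed_digest(msg, SIG_BINARY, ts))
    print("text sig     :", signed_digest(msg, SIG_TEXT, ts))
```

The three printed digests differ, which is why a finished SHA-256 of the file cannot be turned into a signature later: the remote side would have to hand over an unfinalized hash state instead.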