Generate digest and signature seperately

Werner Koch wk at
Mon Jun 13 10:47:34 CEST 2011

On Sun, 12 Jun 2011 23:15, mail at said:

> Is it possible to generate the digest for a file, and then create the
> signature from that digest later?

No, this is not possible.  We once considered to implement such a
feature but dropped that plan.  The technical problem is that with
OpenPGP you don't just sign a plain hash of the message but the hash of
a modified message (in text mode) and further the hash includes a few
magic bytes.  Thus to implement such a feature we we would need to do a
incomplete hash on the server and complete it on the client.  It is
doable but would look ugly.

My suggestion is to sign a the hash of the file; i.e. create a file with
the SHA-x digests on the remote box, download it and sign it on the
local box.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-users mailing list