Generate digest and signature seperately
jerome at jeromebaum.com
Mon Jun 13 19:05:27 CEST 2011
> We had a discussion about smart-card signatures here and basically the
> issue with passing just a hash is that you can't distinguish data
> signatures from certifications/key signatures.
To clarify, you can't tell from the hash, and you can't really add a
packet "I'm signing data here" vs. "I'm signing a key here". At least
that's what I got from the discussion on smart-cards, YMMV when it
comes to a full-blown gnupg install.
Of course, you could solve this problem by signing with a sub-key,
which isn't meant to certify other keys. I do wonder how e.g. PGP
would react on seeing a key certification from a sub-key.
email jerome at jeromebaum.com
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
More information about the Gnupg-users