Generate digest and signature separately

Kerrick Staley mail at kerrickstaley.com
Tue Jun 14 02:31:01 CEST 2011


Just to make sure that I'm understanding this, a complete PGP signature does
not embed information about whether it is the signature of a file or the
signature of a certificate, so it's a bad idea to sign a remotely generated
digest?

-Kerrick Staley


On Mon, Jun 13, 2011 at 5:36 PM, Faramir <faramir.cl at gmail.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On 13-06-2011 11:39, Hauke Laging wrote:
> ...
> > I would like to have the possibility to pass the hash to be signed.
>
>   I suppose if the hash is sent using a "secure" connection, it should
> be safe enough. But that option, no doubt, would be an "expert" option.
> It sounds interesting to me, but of course, I'm not the one writing the
> patch.
>
>  Best Regards
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
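How an OpenPGP v4 signature digest is formed, as an added example that is not part of the thread and not GnuPG's own code. It follows the hashing rules of RFC 4880 section 5.2.4: the signature type is hashed into the trailer, so a bare digest fixes the type but does not reveal it to the party asked to sign. The key bytes, user ID and document are constructed placeholders, and `signer_accepts` is a hypothetical helper.

```python
import hashlib
import struct

SIG_BINARY_DOCUMENT = 0x00   # signature over a file
SIG_GENERIC_CERT = 0x10      # certification of a User ID on a key
PK_RSA, HASH_SHA256 = 1, 8   # RFC 4880 algorithm IDs

def v4_trailer(sig_type, hashed_subpackets=b""):
    """Bytes appended to the signed material before hashing (RFC 4880, 5.2.4)."""
    head = bytes([4, sig_type, PK_RSA, HASH_SHA256])
    head += struct.pack(">H", len(hashed_subpackets)) + hashed_subpackets
    return head + b"\x04\xff" + struct.pack(">I", len(head))

def document_digest(data, subpackets=b""):
    """Digest that a binary-document signature is computed over."""
    trailer = v4_trailer(SIG_BINARY_DOCUMENT, subpackets)
    return hashlib.sha256(data + trailer).digest()

def certification_digest(key_body, user_id, subpackets=b""):
    """Digest that a certification of (key, user ID) is computed over."""
    hashed = b"\x99" + struct.pack(">H", len(key_body)) + key_body
    hashed += b"\xb4" + struct.pack(">I", len(user_id)) + user_id
    trailer = v4_trailer(SIG_GENERIC_CERT, subpackets)
    return hashlib.sha256(hashed + trailer).digest()

def signer_accepts(remote_digest, local_data, subpackets=b""):
    """Hypothetical policy: sign only a digest reproducible from data we hold."""
    return remote_digest == document_digest(local_data, subpackets)

if __name__ == "__main__":
    doc = b"release-1.0.tar contents (constructed sample)\n"
    key = b"\x04" + b"\x00" * 8          # constructed placeholder, not a real key
    uid = b"Example User <user@example.org>"
    d_doc = document_digest(doc)
    d_cert = certification_digest(key, uid)
    # Both are plain 32-byte values; nothing in them says "file" or "certificate".
    print("document     :", d_doc.hex())
    print("certification:", d_cert.hex())
    # With the data in hand, the signer can tell them apart by recomputing.
    print("accept d_doc :", signer_accepts(d_doc, doc))
    print("accept d_cert:", signer_accepts(d_cert, doc))
```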