Generate digest and signature seperately
mail at kerrickstaley.com
Tue Jun 14 02:31:01 CEST 2011
Just to make sure that I'm understanding this, a complete PGP signature does
not embed information about whether it is the signature of a file or the
signature of a certificate, so it's a bad idea to sign a remotely generated
On Mon, Jun 13, 2011 at 5:36 PM, Faramir <faramir.cl at gmail.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> El 13-06-2011 11:39, Hauke Laging escribió:
> > I would like to have the possibility to pass the hash to be signed.
> I suppose if the hash is sent using a "secure" connection, it should
> be safe enough. But that option, no doubt, would be an "expert" option.
> It sounds interesting to me, but of course, I'm not the one writing the
> Best Regards
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> -----END PGP SIGNATURE-----
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnupg-users