Generate digest and signature separately

Jerome Baum jerome at jeromebaum.com
Tue Jun 14 02:42:56 CEST 2011


On Tue, Jun 14, 2011 at 02:31, Kerrick Staley <mail at kerrickstaley.com> wrote:
> Just to make sure that I'm understanding this, a complete PGP signature does
> not embed information about whether it is the signature of a file or the
> signature of a certificate, so it's a bad idea to sign a remotely generated
> digest?

It does, and the hash it signs is generated from that (key) data
prefixed with a string that differs between certs and data sigs.

-- 
Jerome Baum
tel +49-1578-8434336
email jerome at jeromebaum.com
web www.jeromebaum.com
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
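
The following is an added illustration, not part of the original message and not GnuPG's code. It follows the V4 signature hashing rules of RFC 4880 section 5.2.4 to show that the same bytes produce different signed hashes for a document signature and a certification, and that neither equals a plain digest of the bytes. The function names, the key body and the User ID are constructed for the example, and the hashed subpackets are left empty for brevity.

```python
import hashlib
import struct

SIG_BINARY_DOCUMENT = 0x00  # signature over a binary document
SIG_POSITIVE_CERT = 0x13    # positive certification of a User ID and key
PUBKEY_RSA, HASH_SHA256 = 1, 8  # algorithm IDs from RFC 4880


def v4_trailer(sig_type: int, hashed_subpackets: bytes = b"") -> bytes:
    """Signature packet fields that are hashed after the signed data."""
    fields = struct.pack(">BBBBH", 4, sig_type, PUBKEY_RSA, HASH_SHA256,
                         len(hashed_subpackets)) + hashed_subpackets
    # Final six octets: version, 0xFF, length of the hashed fields.
    return fields + b"\x04\xff" + struct.pack(">I", len(fields))


def frame_key_and_uid(key_body: bytes, user_id: bytes) -> bytes:
    """Certification framing: 0x99 + len16 + key, then 0xB4 + len32 + uid."""
    return (b"\x99" + struct.pack(">H", len(key_body)) + key_body
            + b"\xb4" + struct.pack(">I", len(user_id)) + user_id)


def document_digest(data: bytes) -> bytes:
    """Hash that a binary document signature over `data` would sign."""
    return hashlib.sha256(data + v4_trailer(SIG_BINARY_DOCUMENT)).digest()


def certification_digest(key_body: bytes, user_id: bytes) -> bytes:
    """Hash that a positive certification of (key, uid) would sign."""
    framed = frame_key_and_uid(key_body, user_id)
    return hashlib.sha256(framed + v4_trailer(SIG_POSITIVE_CERT)).digest()


# Constructed sample values, not a real key packet.
KEY_BODY = bytes.fromhex("044df6a1c001") + b"\x00" * 16
USER_ID = b"Alice Example <alice@example.org>"

if __name__ == "__main__":
    as_file = frame_key_and_uid(KEY_BODY, USER_ID)  # same bytes, as a "file"
    print("plain sha256 :", hashlib.sha256(as_file).hexdigest())
    print("document sig :", document_digest(as_file).hex())
    print("certification:", certification_digest(KEY_BODY, USER_ID).hex())
```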
