Generate digest and signature seperately
dshaw at jabberwocky.com
Tue Jun 14 04:58:47 CEST 2011
On Jun 13, 2011, at 8:31 PM, Kerrick Staley wrote:
> Just to make sure that I'm understanding this, a complete PGP signature does not embed information about whether it is the signature of a file or the signature of a certificate, so it's a bad idea to sign a remotely generated digest?
No, it's the other way. A PGP signature does embed information about all sorts of things, including whether it is the signature of a file or signature over a certificate.
More information about the Gnupg-users