Multiple signatures
Aaron Toponce
aaron.toponce at gmail.com
Mon Oct 3 23:39:02 CEST 2011
On Mon, Oct 03, 2011 at 07:49:21PM +0200, pet jemen wrote:
> I want to sign binary data in OpenPGP Message Format.
> I want to sign it by two or more keys.
> According to http://tools.ietf.org/html/rfc4880#section-5.4 it seems it is
> possible.
> (A one-octet number holding a flag showing whether the signature is
> nested. A zero value indicates that the next packet is another One-Pass
> Signature packet that describes another signature to be applied to the same
> message data.)
>
> I'd like to use gpg from command-line to sign an input file by two keys.
> I tried to sign it by:
> gpg2.exe --quiet --yes --force-v3-sigs -z 0 -u "test1 (test1) <
> test1 at test1.org>" -o %1.signed --sign %1
> gpg2.exe --quiet --yes --force-v3-sigs -z 0 -u "test2 (test2) <
> test2 at test2.org>" -o %1.signed2 --sign %1.signed
>
> But the second signature signed the first one also with the first signature.
> I need to sign it in a way where I can verify signature of signed data by both
> keys (the last octet of One-Pass Signature Packets (Tag 4) packet should be
> equal to zero).
You should use detached signatures:
$ gpg -b -u "$KEYID1" -o sig1.gpg file.txt
$ gpg -b -u "$KEYID2" -o sig2.gpg file.txt
At this point, just concatenate the two detached sigs:
$ cat sig1.gpg sig2.gpg > signatures.gpg
It should be easily verified at this point.
--
. o . o . o . . o o . . . o .
. . o . o o o . o . o o . . o
o o o . o . . o o o o . o o o