Multiple signatures

Aaron Toponce aaron.toponce at
Mon Oct 3 23:39:02 CEST 2011

On Mon, Oct 03, 2011 at 07:49:21PM +0200, pet jemen wrote:
> I want to sign binary data in OpenPGP Message Format.
> I want sign it by two or more keys.
> According to it seems it is
> possible.
>  (A one-octet number holding a flag showing whether the signature is
> nested.  A zero value indicates that the next packet is another One-Pass
> Signature packet that describes another signature to be applied to the same
> message data.)
> I'd like to use gpg from command-line to sign an input file by two keys.
> I tried to sign it by:
>    gpg2.exe --quiet --yes --force-v3-sigs -z 0 -u "test1 (test1) <
> test1 at>" -o %1.signed --sign %1
>    gpg2.exe --quiet --yes --force-v3-sigs -z 0 -u "test2 (test2) <
> test2 at>" -o %1.signed2 --sign %1.signed
> But the second signature signed the first one also with the first signature.
> I need to sign it in way were I can verify signature of signed data by both
> keys (the last octet of One-Pass Signature Packets (Tag 4) packet should be
> equal to zero).

You should use detached signatures:

    $ gpg -b -u $KEYID1 file.txt > sig1.gpg
    $ gpg -b -u $KEYID2 file.txt > sig2.gpg

At this point, just concatenate the two detached sigs:

    $ cat sig1.gpg sig2.gpg > signatures.gpg

It should be easily verified at this point.

. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 527 bytes
Desc: Digital signature
URL: </pipermail/attachments/20111003/891d5382/attachment.pgp>

More information about the Gnupg-users mailing list