Multiple signatures

Doug Barton dougb at dougbarton.us
Tue Oct 4 00:11:10 CEST 2011


On 10/03/2011 14:39, Aaron Toponce wrote:
> On Mon, Oct 03, 2011 at 07:49:21PM +0200, pet jemen wrote:
>> I want to sign binary data in OpenPGP Message Format.
>> I want to sign it by two or more keys.
>> According to http://tools.ietf.org/html/rfc4880#section-5.4 it seems it is
>> possible.
>>  (A one-octet number holding a flag showing whether the signature is
>> nested.  A zero value indicates that the next packet is another One-Pass
>> Signature packet that describes another signature to be applied to the same
>> message data.)
>>
>> I'd like to use gpg from command-line to sign an input file by two keys.
>> I tried to sign it by:
>>    gpg2.exe --quiet --yes --force-v3-sigs -z 0 -u "test1 (test1) <test1 at test1.org>" -o %1.signed --sign %1
>>    gpg2.exe --quiet --yes --force-v3-sigs -z 0 -u "test2 (test2) <test2 at test2.org>" -o %1.signed2 --sign %1.signed
>>
>> But the second signature signed the first one also with the first signature.
>> I need to sign it in a way where I can verify signature of signed data by both
>> keys (the last octet of One-Pass Signature Packets (Tag 4) packet should be
>> equal to zero).
> 
> You should use detached signatures:
> 
>     $ gpg -b -u $KEYID1 file.txt > sig1.gpg
>     $ gpg -b -u $KEYID2 file.txt > sig2.gpg
> 
> At this point, just concatenate the two detached sigs:
> 
>     $ cat sig1.gpg sig2.gpg > signatures.gpg

Wouldn't it be easier to just use >>


:)

Doug

-- 

	Nothin' ever doesn't change, but nothin' changes much.
			-- OK Go

	Breadth of IT experience, and depth of knowledge in the DNS.
	Yours for the right price.  :)  http://SupersetSolutions.com/



