Multiple signatures
pjemen
pjemen at gmail.com
Tue Oct 11 13:55:45 CEST 2011
On 3. 10. 2011 23:59, David Shaw wrote:
> On Oct 3, 2011, at 1:49 PM, pet jemen wrote:
>
>> Hi,
>>
>> I want to sign binary data in OpenPGP Message Format.
>> I want to sign it with two or more keys.
>> According to http://tools.ietf.org/html/rfc4880#section-5.4 it seems it is possible.
>> (A one-octet number holding a flag showing whether the signature is nested. A zero value indicates that the next packet is another One-Pass Signature packet that describes another signature to be applied to the same message data.)
>>
>> I'd like to use gpg from command-line to sign an input file by two keys.
>> I tried to sign it by:
>> gpg2.exe --quiet --yes --force-v3-sigs -z 0 -u "test1 (test1)<test1 at test1.org>" -o %1.signed --sign %1
>> gpg2.exe --quiet --yes --force-v3-sigs -z 0 -u "test2 (test2)<test2 at test2.org>" -o %1.signed2 --sign %1.signed
>>
>> But the second signature also signed the first signature along with the data.
>> I need to sign it in a way where I can verify the signature of the signed data by both keys (the last octet of the One-Pass Signature Packet (Tag 4) body should be equal to zero).
> Just repeat -u as many times as you need:
>
> gpg -u the-first-key -u the-second-key -u the-third-key -u etc --sign thefile
>
> David
>
Thank you for your advice.
It is exactly what I was looking for.
I've a few more questions.
The reason why I want to sign files this way is to maintain compatibility and
add an additional signature for verifying.
I'd like to sign a file in batch mode this way:
gpg2.exe --batch --quiet --yes --force-v3-sigs -z 0 --s2k-digest-algo SHA-1 --passphrase-file %passFile1% -u "t0001 <t0001 at t0001.com>" --s2k-digest-algo SHA512 --passphrase-file %passFile2% -u "t0002 <t0002 at t0002.com>" -o %1.signed --sign %1
It seems that gpg doesn't take the passwords from the files if I sign with multiple
keys.
If I sign files with just one key it works.
Is there a way to sign a file with multiple signatures using two commands
and get the same OpenPGP binary format?
Another problem I've noticed when I signed a file in non-batch mode is that
I specified SHA512 for the second signature.
The problem is that the 3rd octet of the One-Pass Signature Packet body in the signed
file is 0x08, which is SHA256 according to
http://tools.ietf.org/html/rfc4880#section-9.4
Any ideas why it isn't 0x0a?
Any help is welcome.
Pavol Misik
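The two things the poster wants to confirm in the signed output, the nested-flag octet of each One-Pass Signature packet (Tag 4) and its hash-algorithm octet (RFC 4880 sections 5.4 and 9.4), can be read directly from the packet stream. The following is an added example, not code from the mailing-list thread or from GnuPG: a small Python walker over OpenPGP packet headers (old and new format) that collects the Tag 4 packets and checks that the nesting chain is consistent (every packet but the last carries 0, the last carries 1). The sample message it parses is constructed by hand with fake key IDs and a tiny literal data packet; it is not real gpg output.

```python
"""Walk an OpenPGP packet stream and report its One-Pass Signature packets (Tag 4).

Added example, not from the mailing-list post or from GnuPG.
The sample message below is constructed by hand; the key IDs are fake.
"""
import struct
from dataclasses import dataclass
from typing import List, Tuple

# Hash algorithm IDs from RFC 4880 section 9.4
HASH_ALGOS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}


@dataclass
class OnePassSig:
    version: int
    sig_type: int
    hash_algo: int
    pubkey_algo: int
    key_id: str
    nested: int  # 0: another One-Pass Signature packet follows, 1: this is the last


def read_packet_header(data: bytes, pos: int) -> Tuple[int, int, int]:
    """Decode the header at `pos`; return (tag, body_offset, body_length).

    Handles old-format (RFC 4880 4.2.1) and new-format (4.2.2) headers;
    partial and indeterminate body lengths are rejected.
    """
    ptag = data[pos]
    if not ptag & 0x80:
        raise ValueError("bit 7 of the packet tag must always be set")
    if ptag & 0x40:                        # new-format header
        tag = ptag & 0x3F
        first = data[pos + 1]
        if first < 192:                    # one-octet length
            return tag, pos + 2, first
        if first < 224:                    # two-octet length
            return tag, pos + 3, ((first - 192) << 8) + data[pos + 2] + 192
        if first == 255:                   # five-octet length
            return tag, pos + 6, struct.unpack(">I", data[pos + 2:pos + 6])[0]
        raise ValueError("partial body lengths are not handled in this example")
    tag = (ptag >> 2) & 0x0F               # old-format header
    length_type = ptag & 0x03
    if length_type == 0:
        return tag, pos + 2, data[pos + 1]
    if length_type == 1:
        return tag, pos + 3, struct.unpack(">H", data[pos + 1:pos + 3])[0]
    if length_type == 2:
        return tag, pos + 5, struct.unpack(">I", data[pos + 1:pos + 5])[0]
    raise ValueError("indeterminate-length old-format packets are not handled")


def parse_one_pass_sigs(data: bytes) -> List[OnePassSig]:
    """Return every One-Pass Signature packet in the stream, in order."""
    sigs = []
    pos = 0
    while pos < len(data):
        tag, body_off, body_len = read_packet_header(data, pos)
        body = data[body_off:body_off + body_len]
        if len(body) != body_len:
            raise ValueError("truncated packet at offset %d" % pos)
        if tag == 4:
            # RFC 4880 5.4: version(1) type(1) hash(1) pubkey(1) keyid(8) nested(1)
            if body_len != 13 or body[0] != 3:
                raise ValueError("unexpected One-Pass Signature packet layout")
            sigs.append(OnePassSig(body[0], body[1], body[2], body[3],
                                   body[4:12].hex().upper(), body[12]))
        pos = body_off + body_len
    return sigs


def nesting_is_consistent(sigs: List[OnePassSig]) -> bool:
    """True iff all packets but the last say 'another follows' (0) and the last says 1."""
    if not sigs:
        return False
    return all(s.nested == 0 for s in sigs[:-1]) and sigs[-1].nested == 1


def hash_name(algo_id: int) -> str:
    return HASH_ALGOS.get(algo_id, "unknown(%d)" % algo_id)


def _ops(header: bytes, hash_algo: int, key_id: bytes, nested: int) -> bytes:
    # version 3, signature type 0x00 (binary document), public-key algorithm 1 (RSA)
    return header + bytes([3, 0x00, hash_algo, 1]) + key_id + bytes([nested])


# Constructed sample: two One-Pass Signature packets followed by one literal data
# packet.  The first uses a new-format header (0xC4), the second an old-format
# header (0x90), so both header decoders are exercised.  Key IDs are fake.
KEY_ID_1 = bytes.fromhex("0102030405060708")
KEY_ID_2 = bytes.fromhex("1122334455667788")
LITERAL = bytes([0xCB, 11]) + b"b" + b"\x00" + b"\x00" * 4 + b"hello"   # Tag 11
SAMPLE_MESSAGE = (_ops(bytes([0xC4, 13]), 8, KEY_ID_1, 0)      # SHA256, more follow
                  + _ops(bytes([0x90, 13]), 10, KEY_ID_2, 1)   # SHA512, last one
                  + LITERAL)

if __name__ == "__main__":
    found = parse_one_pass_sigs(SAMPLE_MESSAGE)
    for s in found:
        print("key %s hash %s (0x%02x) nested=%d"
              % (s.key_id, hash_name(s.hash_algo), s.hash_algo, s.nested))
    print("nesting consistent:", nesting_is_consistent(found))
```

To inspect a real file produced by `gpg --sign`, replace `SAMPLE_MESSAGE` with the file's bytes; if `nesting_is_consistent` returns False, or the hash octet of the second packet reads 0x08 rather than 0x0a, the output does not carry the two independent signatures the poster is after.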