Is it possible to sign a message with multiple digest algorithms?
Pete Stephenson
pete at heypete.com
Sat Sep 6 23:40:03 CEST 2014
Hi all,
Is it possible to sign a message (or certify a key) with multiple digest
algorithms?
For example, one might wish to sign a message with both SHA256 and
RIPEMD160.
If so, how would one go about doing this?
I would imagine that, if possible, the command would be similar to "gpg
--armor --digest-algo SHA256 RIPEMD160 --clearsign" but this fails.
If it is possible, how does GPG handle multiple signatures? That is, is
it required that all signatures must be valid for the message to be
considered valid, or is the message considered valid so long as one (out
of many) signatures is valid?
The former behavior would be useful to ensure message long-term message
integrity, in case one of the digest algorithms were found to be weak.
The latter behavior would be useful when using digest algorithms without
wide support (e.g. one might use SHA1 and SHA512, so as to support older
clients while providing greater security for modern ones).
Cheers!
-Pete
More information about the Gnupg-users
mailing list