Direct signatures

Neal H. Walfield neal at walfield.org
Fri Oct 23 13:41:02 CEST 2015


Hi Lachlan,

At Fri, 23 Oct 2015 10:58:22 +0200,
Lachlan Gunn wrote:
> Is there any way to make GNUPG or libgpgme generate a signature from an
> externally-computed hash? My justifications for this are twofold:

In theory yes, in practice no.  To generate an OpenPGP signature, the
OpenPGP implementation hashes the concatenation of the data and some
metadata.  That is, it computes: H(data || metadata).  Thus, to do
what you want you'd need to give GnuPG not the hash of the data, but
the internal state of the hash function before it appends the
metadata.  Unfortunately, the internal state is implementation and
platform dependent.  If OpenPGP computed signatures as follows:
H(H(data) || metadata), then what you wanted would be straightforward
to implement.

> 1. Isolation---by removing the need for gpg to see the original data,
> it becomes possible to perform signatures on a system that is
> completely isolated, at least as far as incoming data goes.
> 
> 2. Process separation---I have ideas involving SELinux that I would
> like to experiment with, and doing so requires that tasks be split at
> the process level as I understand.

There are two ways around this:

 - You can run gpg on one machine / user account and gpg-agent on
   another.  (Look up the extra-socket option in the GnuPG manual.)
   Note: I briefly cover this in my "An Advanced Introduction to
   GnuPG" presentation, which was recorded at RMLL:

   https://2015.rmll.info/introduction-avancee-sur-gnupg?lang=en

 - Have GnuPG sign the hash of the data.  That is, use something like
   sha256sum to compute a hash of the data, transfer the hash to the
   machine running gpg and sign that data.  This adds a level of
   indirection, which the person verifying the hash needs to deal
   with.

:) Neal
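
An added example, not part of the message above and not GnuPG's code: a Python illustration of why a finished H(data) cannot stand in for the data when the signature digest is H(data || metadata). The metadata is laid out as for a v4 binary-document signature per RFC 4880 section 5.2.4; the function names, the sample document and the single creation-time subpacket are assumptions made for the illustration.

```python
import hashlib
import struct

def v4_sig_metadata(sig_type, pk_algo, hash_algo, hashed_subpackets):
    """Bytes a v4 signature appends to the data before hashing (RFC 4880, 5.2.4)."""
    body = bytes([4, sig_type, pk_algo, hash_algo])
    body += struct.pack(">H", len(hashed_subpackets)) + hashed_subpackets
    # Trailer: 0x04 0xFF, then the 4-octet length of the fields above.
    trailer = b"\x04\xff" + struct.pack(">I", len(body))
    return body + trailer

def digest_from_data(data, metadata):
    """What the OpenPGP implementation computes: H(data || metadata)."""
    return hashlib.sha256(data + metadata).digest()

def digest_from_state(state, metadata):
    """Finish a hash whose running state has already absorbed the data."""
    h = state.copy()      # works in-process only: hashlib cannot export this state
    h.update(metadata)
    return h.digest()

def digest_nested(data_hash, metadata):
    """The hypothetical H(H(data) || metadata) construction from the message."""
    return hashlib.sha256(data_hash + metadata).digest()

# Constructed sample input (not from the original thread).
DATA = b"constructed sample document\n" * 1000
# Hashed subpacket area: one signature-creation-time subpacket (type 2)
# carrying an arbitrary constructed timestamp.
SUBPACKETS = bytes([5, 2]) + struct.pack(">I", 1445600462)
# 0x00 = binary document signature, 1 = RSA, 8 = SHA-256
METADATA = v4_sig_metadata(0x00, 1, 8, SUBPACKETS)

def demo():
    state = hashlib.sha256()
    for i in range(0, len(DATA), 4096):   # the data side streams the document
        state.update(DATA[i:i + 4096])
    real = digest_from_data(DATA, METADATA)
    finished = hashlib.sha256(DATA).digest()   # what sha256sum would hand over
    return {
        "state_matches": digest_from_state(state, METADATA) == real,
        "nested_matches": digest_nested(finished, METADATA) == real,
    }

if __name__ == "__main__":
    print(demo())
```

Only the unfinished hash state reproduces the digest that gets signed; the finished SHA-256 value does not, which is why the second workaround signs the hash as if it were the document and leaves the verifier to recompute it.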


