Is signing a file with multiple keys possible

Phil Pennock gnupg-users at spodhuis.org
Sat Mar 24 01:44:44 CET 2018


On 2018-03-24 at 00:31 +0100, Dirk Gottschalk via Gnupg-users wrote:
> Is it possible to sign a file with multiple keys?

Yes.  Slightly lower-level operations than normal signing, but not by
much, you just need to know about enarmor/dearmor and how signatures are
put together.

> For Example: John, Harry and Sally wrote a file, lets assume it is a
> text file. Now all of them want to sign this file, so that when
> verifying it, all three signatures are visible.

------------------------8< multi-sign recipe >8-------------------------
curl -LO https://pt-dummy-app.herokuapp.com/poetry/if.txt

laptop$ gpg --detach --sign if.txt
laptop$ mv if.txt.sig if.txt.sig-laptop
securebox$ gpg --detach --sign if.txt
securebox$ mv if.txt.sig if.txt.sig-securebox

cat if.txt.sig-laptop if.txt.sig-securebox | gpg --enarmor > if.txt.asc

gpg --verify if.txt.asc
------------------------8< multi-sign recipe >8-------------------------

If the individual signatures are ASCII-armored, then use `gpg --dearmor`
to turn them into binary format.  Multiple signatures are just one after
another: there's no container _around_ them, no special merging tools
needed.

In the above example, the securebox is using:
  local-user 0xlong_subkey_1!
  local-user 0xlong_subkey_2!
in ~/.gnupg/gpg.conf to generate two signatures, so that I sign with
both EDDSA and RSA.  Thus the resulting `if.txt.asc' has _three_
signatures.

I've attached the combined signature.  You should be able to grab the
famous poem from the URL above and verify my signatures upon the text.

-Phil
-------------- next part --------------
-----BEGIN PGP ARMORED FILE-----
Comment: Use "gpg --dearmor" for unpacking

iQEzBAABCAAdFiEEq4gt1kA1okdY9paI0jG9pqefzuAFAlq1nX4ACgkQ0jG9pqef
zuAKlgf+P+trdLPknA/sNyNwAIbJoUzpqLxGxxaLT/0ZDrdOlgLsAXqTvYmMljEu
SBQiRLvfv+lGhKKnvZVWolpb4EsNZFFoqdsV65NnhVrFTw6wBQrrWgcHzP1WjGd9
Bw7AWLQzwmJUj3eULGJMce5k8W/aOzvbcJR7d7Kh66Sk+uuKsHznBHu0/3kr5XJ4
4tvyC4DfHyJ5xA2l+EV7mWDpPX7vaAnjs9fwKmXM9DXHP2aAeTW5w/ie3Sa1JW7D
P+hH1eTH2esJWxq9gvhFk8ubdlVjKcdJOpcbvSBvqb4EIx2J4G574/CWTPdDJtl+
dPguQ9NdhuDl3qVyIhwsip3bNKulhoh1BAAWCAAdFiEETlwXnn/8Tb+ObBMvURBO
Zo3QRIEFAlq1nb8ACgkQURBOZo3QRIEKuQEAkQmM+EVWoXYf0t9OyJZuW8A3OfBT
e4709WsddU83xAEA/RnAi9QAB/C5XyURCbcMsjshzHnj1oUjc0eChywebf8PiQIz
BAABCAAdFiEExpOgNOHtbulUyuLaE9rZnH5BUZwFAlq1ndcACgkQE9rZnH5BUZxX
4Q/9GY9PNo8c4E/C6no0LG2KUoYI1edDP2OjMJCj5r09URxR670a3lSjeztauewt
fIwX955lNuqsQUnz0asGh4PugNTN1NLCy99hDKYoY7Aczc3c5XhvJTrwJZiFXQh0
t1e16Qlmvu5FQmHygFCVrtRwZB3ZhEiKVwmzSN0MJkRQNDL0Hz3iPkp4LZF3zDwW
op7jwVJFN85qoavcxh/pYrBsOd7UNIvxePhw0joxne4gA1u0G54YKlIopWUc7ECB
ExYt0LciIfpolKQ1pBWDCchG/SrviLlPOVyTM/803IP8lnUD56QEPKck9QlwHzIP
ooVuPUWKM7vqGFYXO6ttFfurf2eVa/3qmTK5DWmmnDS9bxWjLxsebEBiTqmTqyHM
zVj1kXgPUjP5zgqpwkx4SNZCmvCC74x42VFOQ1c72kLf8i5K+q2shVjTQRkNhG5D
HA2KW0bvK6OE5BD3jbgx/USrb18N7MeVVNSZQ8eLbJ5vp9ee9ERnv7gM3UK+7++H
rAA9zTEyTtMeOdGnAv/cBpbOcpQK0LSh63BWZvTQF9N3bRbQ2qMQnYFMESOGvS5p
2mZPYYkWbjjoEmeqibbsr8TNl8gC0B9fFPuTEwonQsbRQPAYnuawgGesDUPtbOon
hh/i4/Co1NW2kf7JcJ0HtneASL7E/DIvGObFxQyBNaFBm8A=
=mISS
-----END PGP ARMORED FILE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 996 bytes
Desc: Digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180323/6aa14c14/attachment.sig>


More information about the Gnupg-users mailing list