How can I add encrypted comments.

Stefan Claas spam.trap.mailing.lists at gmail.com
Thu Jan 14 23:18:47 CET 2021 

On Thu, Jan 14, 2021 at 11:15 PM Ayoub Misherghi via Gnupg-users
<gnupg-users at gnupg.org> wrote:
>
>
> On 1/14/2021 10:37 AM, vedaal at nym.hush.com wrote:
>
> On 1/14/2021 at 4:47 AM, "Ayoub Misherghi via Gnupg-users" <gnupg-users at gnupg.org> wrote:
>
>
> I am encrypting and signing documents with myself as the receiver. Nobody else will want to look inside them. Is it possible to add encrypted comments or other information to a separated signature file; and later retrieve this additional information? I want to be able to decrypt the signature file alone and retrieve all the information I put inside it.
>
>
> =====
>
> Not exactly,
>
> but functionally, yes, it can be done.
>
>
> [1] Armor the signature file    (   gpg --armor filename.sig  )   this outputs to filename.sig.asc
>
>
> [2[ Armor your encrypted comments, and copy them to the end of the filename.sig.asc,
>
> (leave one blank line between the pgp footer of the signature file, and the pgp header of the encrypted file)
>
>
> [3] Save the whole thing as filename.sig.asc
>
>
> [4] gpg filename.sig,asc  will automatically verify the sig if the original signed file 'filename' is present, and also decrypt the added comments
>
>
> vedaal
>
> =====
>
> I have the concern that if this is not part of GPG, future versions of GPG may not allow it; leaving me in the lurch.
>
>
> I have these questions:
>
> [Q1] Does this mean "filename.sig.asc" will still be decrypted if "filename" is not present?
>
> [Q2] Is there a reason why the functionality is missing from GPG?
>
> [Q3] The references I find on the internet are directed at users of GPG and not
>
> developers of applications of GPG, can you  please direct me to references that
>
> show me things like the format of the signature file, armor and not?
>
>
> Thanks,
>
> Ayoub

Sorry for chiming in, the link I gave you is normally meant for implementors of
OpenPGP software. In case this is not so easy to understand you may try a
visually approach, while creating some standard files/sigs and then examine the
armored bytes with this tool:

https://github.com/ConradIrwin/gpg-decoder

Best regards
Stefan

More information about the Gnupg-users mailing list