Signing a file given its hash only
Richard Stoughton
kyrieuon at gmail.com
Sun Jun 1 19:06:42 CEST 2025
On Wed, May 14, 2025 at 11:56 PM Chris DeYoung <chd at chud.net> wrote:
>
>
> > Artifacts that must be signed are produced on M which is capable of
> > calculating hashes (e.g. SHA-256 hashes). H has the ability to read
> > these hashes but cannot access the artifacts.
>
> How does H know that the hash is valid? H could just sign the hash if it
> trusts what M generates, but it isn't obvious to me how that's more
> secure than just having M sign it.
You're right. If M or the input of M is compromized then H will
possibly sign compromized artifacts. The security of the complete
process is limited by M.
The purpose of H is solely to limit access to the private signature
key. M signing the artifacts by itself would require the key to float
around.
More information about the Gnupg-users
mailing list