Signing a file given its hash only

Matt Borja me at mattborja.dev
Wed May 14 02:21:48 CEST 2025


Hi there,

Unless I’m missing something, this is a pattern I see used in release management where a list of SHA256 checksums for deliverables is provided in a file, and that checksum file is then clearsigned (or detached if you prefer). Also known as “signing your checksums file.”

Examples:
- https://releases.ubuntu.com/focal/
- https://www.debian.org/CD/verify

The security of this process in the scenario you described, however, would be contingent upon a) the transport security between M and H, and b) whether H in fact trusts M to produce valid and trustworthy checksums.

Assuming everything is okay here, you then ship both the checksums file and its corresponding GPG signature to L. In this manner, H does not require access to artifacts on M due to their SHA256 representatives (presumed to be cryptographically ensured) and L of course is presumed to be secure because it only involves the use of public keys, cryptography, and resultant signatures needing to be verified by external consumers, etc.

I would offer, though, that M should actually be considered just as sensitive as H since it is producing artifacts (aka attestations) that H is going to end up signing for. If you’re automating this (as in DevOps), consider supply chain threat scenarios and the implications of a compromised M producing some nullifying claim or malicious code that ends up getting certified as “valid” by H.

Regards,

Matt

On Tue, May 13, 2025 at 15:22, Richard Stoughton via Gnupg-users <gnupg-users at gnupg.org> wrote:

> Hi,
>
> We have three servers H -> M -> L with high, medium, and low security.
>
> The private signature key is known to H only and must never leave H.
>
> Artifacts that must be signed are produced on M which is capable of
> calculating hashes (e.g. SHA-256 hashes). H has the ability to read
> these hashes but cannot access the artifacts.
>
> The artifacts are then being transported to L where they are
> considered valid if there is also a valid signature for them. H is
> expected to push the respective signatures to L.
>
> The question is: Is it possible to gpg-sign a file given its hash only?
>
> --
> Thanks in advance,
> Alex
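The M/H/L flow discussed in this thread, sketched as an added example that is not part of either message: M hashes the artifacts into a manifest, H signs only that manifest with a detached signature, and L checks the signature against a pinned key and then checks the artifacts against the manifest. The function names, the manifest name `SHA256SUMS` and the `SIGNER_FPR` placeholder are assumptions, and `gpg` plus `sha256sum` are assumed to be installed.

```shell
#!/bin/sh
# Added example: function names, paths and SIGNER_FPR are placeholders.
SIGNER_FPR=${SIGNER_FPR:-REPLACE_WITH_40_HEX_FINGERPRINT}

# On M: hash every artifact in a directory into a manifest.
make_manifest() {  # $1 = artifact dir, $2 = manifest path
    ( cd "$1" && find . -type f ! -name 'SHA256SUMS*' -exec sha256sum {} + |
        LC_ALL=C sort -k2 ) > "$2"
}

# On H: sign the manifest only; the artifacts never reach H.
sign_manifest() {  # $1 = manifest path, writes $1.asc
    gpg --batch --yes --local-user "$SIGNER_FPR" --armor \
        --output "$1.asc" --detach-sign "$1"
}

# On L: require a good signature made by the pinned key, not merely by
# any key that happens to be in the keyring.
verify_signature() {  # $1 = manifest path, expects $1.asc beside it
    gpg --batch --status-fd 1 --verify "$1.asc" "$1" 2>/dev/null |
        awk -v fpr="$SIGNER_FPR" '
            $2 == "GOODSIG" { good = 1 }
            $2 == "VALIDSIG" && ($3 == fpr || $NF == fpr) { pinned = 1 }
            END { exit !(good && pinned) }'
}

# On L: every listed hash must match, and every file present must be
# listed, so an unsigned artifact cannot ride along with signed ones.
check_artifacts() {  # $1 = artifact dir, $2 = manifest path
    manifest=$(cd "$(dirname "$2")" && pwd)/$(basename "$2")
    ( cd "$1" || exit 1
      sha256sum -c "$manifest" >/dev/null 2>&1 || exit 1
      find . -type f ! -name 'SHA256SUMS*' | while IFS= read -r f; do
          # File names start at column 67: 64 hex digits plus two separators.
          cut -c67- "$manifest" | grep -qxF -- "$f" ||
              { echo "unsigned artifact: $f" >&2; exit 1; }
      done )
}

# Typical order on L:
#   verify_signature SHA256SUMS && check_artifacts . SHA256SUMS
```

H signs whatever hashes M hands over, so this layout verifies integrity from M onward and does nothing about a compromised M, which is the caveat raised in the reply above.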