At work I want to add signing to our automatic build system. In theory it's a simple application of `gpg` at the end of building to get a detached signature would do, but I'm weary of sticking the secret key on the build servers. I'd feel a bit more safe if the signing could be done on a separate server. However, the built files are large and I don't want to introduce a bottle neck by transfering all files back and forth over the network.
So, my idea was to somehow separate the two steps that GnuPG performs under the hood when signing, creating the message digest (hash) and the signing of this message digest. I've found `--print-md` which looks promising, but there doesn't seem to be any `--sign-md`. Any help and suggestions are welcome! /M -- Magnus Therning (OpenPGP: 0xAB4DFBA4) magnus@therning.org Jabber: magnus@therning.org http://therning.org/magnus identi.ca|twitter: magthe
