On Thursday 04 December 2008, "Magnus Therning" <[EMAIL PROTECTED]> wrote about 'Remote signing of large files': >I'd feel a bit more safe if the >signing could be done on a separate server. However, the built files >are large and I don't want to introduce a bottle neck by transfering >all files back and forth over the network.
In any case, you'd only have to send big files in one direction, the detached signatures should be relatively small. >So, my idea was to somehow separate the two steps that GnuPG performs >under the hood when signing, creating the message digest (hash) and >the signing of this message digest. I've found `--print-md` which >looks promising, but there doesn't seem to be any `--sign-md`. A detached signature is, mathematically, the message digest run thorough the encrypt() function. [Encrypting with the private key allows anyone with the public key to decrypt to the digest "plaintext" which they can compare to a locally calculated message digest, thus verifying the signature. They can also be assured that the signature is from the owner of the private key, or that the private key has been compromised.] So, you might try --encrypt'ing the output of --print-md. -- Boyd Stephen Smith Jr. ,= ,-_-. =. [EMAIL PROTECTED] ((_/)o o(\_)) ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-' http://iguanasuicide.org/ \_/
signature.asc
Description: This is a digitally signed message part.
